From 33f7cec924ff46d5f890130393fe023d2ddd6100 Mon Sep 17 00:00:00 2001 From: cash Date: Fri, 3 Jun 2011 01:24:14 +0000 Subject: Fixes #3497 users can unlike other users content git-svn-id: http://code.elgg.org/elgg/trunk@9132 36083f99-b078-4883-b0ff-0f9b5a30f544 --- mod/likes/actions/likes/add.php | 2 +- mod/likes/actions/likes/delete.php | 26 +++++++++----------------- mod/likes/views/default/likes/display.php | 3 +-- 3 files changed, 11 insertions(+), 20 deletions(-) (limited to 'mod/likes') diff --git a/mod/likes/actions/likes/add.php b/mod/likes/actions/likes/add.php index f56493864..7ccb19d92 100644 --- a/mod/likes/actions/likes/add.php +++ b/mod/likes/actions/likes/add.php @@ -18,7 +18,7 @@ if (!$entity) { forward(REFERER); } -// cannot like your own stuff +// limit likes through a plugin hook (to prevent liking your own content for example) if (!$entity->canAnnotate(0, 'likes')) { // plugins should register the error message to explain why liking isn't allowed forward(REFERER); diff --git a/mod/likes/actions/likes/delete.php b/mod/likes/actions/likes/delete.php index 867d5dfef..db3036bb4 100644 --- a/mod/likes/actions/likes/delete.php +++ b/mod/likes/actions/likes/delete.php 
@@ -4,26 +4,18 @@ * */ -// Ensure we're logged in -if (!elgg_is_logged_in()) { - forward(); -} - -// Make sure we can get the comment in question -$annotation_id = (int) get_input('annotation_id'); -if ($likes = elgg_get_annotation_from_id($annotation_id)) { - - $entity = get_entity($likes->entity_guid); - - if ($likes->canEdit()) { - $likes->delete(); +$likes = elgg_get_annotations(array( + 'guid' => (int) get_input('guid'), + 'annotation_owner_guid' => elgg_get_logged_in_user_guid(), + 'annotation_name' => 'likes', +)); +if ($likes) { + if ($likes[0]->canEdit()) { + $likes[0]->delete(); system_message(elgg_echo("likes:deleted")); forward(REFERER); } - -} else { - $url = ""; } register_error(elgg_echo("likes:notdeleted")); -forward(REFERER); \ No newline at end of file +forward(REFERER); diff --git a/mod/likes/views/default/likes/display.php b/mod/likes/views/default/likes/display.php index cbfe46078..2dc50ddd0 100644 --- a/mod/likes/views/default/likes/display.php +++ b/mod/likes/views/default/likes/display.php @@ -28,8 +28,7 @@ if (elgg_is_logged_in() && $vars['entity']->canAnnotate(0, 'likes')) { 'annotation_name' => 'likes', 'owner_guid' => elgg_get_logged_in_user_guid() ); - $likes = elgg_get_annotations($options); - $url = elgg_get_site_url() . "action/likes/delete?annotation_id={$likes[0]->id}"; + $url = elgg_get_site_url() . "action/likes/delete?guid={$guid}"; $params = array( 'href' => $url, 'text' => elgg_view_icon('thumbs-up-alt'), -- cgit v1.2.3
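Review bot: In delete.php both filters passed to `elgg_get_annotations()` can be zero: `(int) get_input('guid')` when the parameter is missing or non-numeric, and the logged-in user guid if the action is ever reached without a session, now that the explicit `elgg_is_logged_in()` guard is removed. How the query treats a zero filter is not visible in this hunk. If zero means "any", `$likes[0]` could be a like on an entity the request never named, leaving `canEdit()` as the only check. I would reject zero values before querying and ask for a single row, as sketched below. The file's opening lines sit above the hunk.

```php
$guid = (int) get_input('guid');
$user_guid = elgg_get_logged_in_user_guid();
if (!$guid || !$user_guid) {
	register_error(elgg_echo("likes:notdeleted"));
	forward(REFERER);
}

$likes = elgg_get_annotations(array(
	'guid' => $guid,
	'annotation_owner_guid' => $user_guid,
	'annotation_name' => 'likes',
	'limit' => 1,
));
// … unchanged: canEdit() check, delete(), success and error messages …
```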
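Review bot: The `$options` array kept as context just above the changed line in display.php looks dead now that the `elgg_get_annotations($options)` call is removed. Unless it is read further down, outside the hunk, it should go with the call. `$guid` is interpolated into the delete URL but is defined above the hunk, so a short comment such as `// guid of the liked entity; the delete action finds the current user's own like on it` would make the new contract between view and action explicit. The enclosing `if` block starts and ends outside the hunk.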