summaryrefslogtreecommitdiff
path: root/actions/favor.php
diff options
context:
space:
mode:
authorcsarven <csarven@controlyourself.ca>2008-11-14 22:35:49 -0500
committercsarven <csarven@controlyourself.ca>2008-11-14 22:35:49 -0500
commit322a79739dbee9f5a9bb4e012cd75a3d034a8bad (patch)
tree67f0eb5589f27d5a7c0af607028e0f55b630e9b1 /actions/favor.php
parent6a02f5d3c2b2ffc93619a0e7c6e07ecc05be9909 (diff)
trac670 trac689 Favorites (duplicate id, background image, JavaScript)
darcs-hash:20081115033549-eefa4-cfbca6f9c723aa63869c39d6851de7a7803f0703.gz
Diffstat (limited to 'actions/favor.php')
-rw-r--r--actions/favor.php13
1 files changed, 7 insertions, 6 deletions
diff --git a/actions/favor.php b/actions/favor.php
index dd61899e4..82b70a35b 100644
--- a/actions/favor.php
+++ b/actions/favor.php
@@ -38,16 +38,17 @@ class FavorAction extends Action {
return;
}
+ $id = $this->trimmed('notice');
+
+ $notice = Notice::staticGet($id);
+
# CSRF protection
- $token = $this->trimmed('token');
+ $token = $this->trimmed('token-'.$notice->id);
if (!$token || $token != common_session_token()) {
- $this->client_error(_('There was a problem with your session token. Try again, please.'));
+ $this->client_error(_("There was a problem with your session token. Try again, please."));
return;
}
- $id = $this->trimmed('notice');
-
- $notice = Notice::staticGet($id);
if ($user->hasFave($notice)) {
$this->client_error(_('This notice is already a favorite!'));
@@ -67,7 +68,7 @@ class FavorAction extends Action {
if ($this->boolean('ajax')) {
common_start_html('text/xml');
common_element_start('head');
- common_element('title', _('Disfavor'));
+ common_element('title', null, _('Disfavor favorite'));
common_element_end('head');
common_element_start('body');
common_disfavor_form($notice);