diff options
| author | csarven <csarven@controlyourself.ca> | 2008-11-14 22:35:49 -0500 |
|---|---|---|
| committer | csarven <csarven@controlyourself.ca> | 2008-11-14 22:35:49 -0500 |
| commit | 322a79739dbee9f5a9bb4e012cd75a3d034a8bad (patch) | |
| tree | 67f0eb5589f27d5a7c0af607028e0f55b630e9b1 /actions | |
| parent | 6a02f5d3c2b2ffc93619a0e7c6e07ecc05be9909 (diff) | |
trac670 trac689 Favorites (duplicate id, background image, JavaScript)
darcs-hash:20081115033549-eefa4-cfbca6f9c723aa63869c39d6851de7a7803f0703.gz
Diffstat (limited to 'actions')
| -rw-r--r-- | actions/disfavor.php | 14 | ||||
| -rw-r--r-- | actions/favor.php | 13 |
2 files changed, 14 insertions, 13 deletions
diff --git a/actions/disfavor.php b/actions/disfavor.php index 35cfd6070..6ac94d720 100644 --- a/actions/disfavor.php +++ b/actions/disfavor.php @@ -37,17 +37,17 @@ class DisfavorAction extends Action { return; } - $token = $this->trimmed('token'); + $id = $this->trimmed('notice'); + + $notice = Notice::staticGet($id); + + $token = $this->trimmed('token-'.$notice->id); if (!$token || $token != common_session_token()) { - $this->client_error(_('There was a problem with your session token. Try again, please.')); + $this->client_error(_("There was a problem with your session token. Try again, please.")); return; } - $id = $this->trimmed('notice'); - - $notice = Notice::staticGet($id); - $fave = new Fave(); $fave->user_id = $this->id; $fave->notice_id = $notice->id; @@ -69,7 +69,7 @@ class DisfavorAction extends Action { if ($this->boolean('ajax')) { common_start_html('text/xml'); common_element_start('head'); - common_element('title', _('Favor')); + common_element('title', null, _('Add to favorites')); common_element_end('head'); common_element_start('body'); common_favor_form($notice); diff --git a/actions/favor.php b/actions/favor.php index dd61899e4..82b70a35b 100644 --- a/actions/favor.php +++ b/actions/favor.php @@ -38,16 +38,17 @@ class FavorAction extends Action { return; } + $id = $this->trimmed('notice'); + + $notice = Notice::staticGet($id); + # CSRF protection - $token = $this->trimmed('token'); + $token = $this->trimmed('token-'.$notice->id); if (!$token || $token != common_session_token()) { - $this->client_error(_('There was a problem with your session token. Try again, please.')); + $this->client_error(_("There was a problem with your session token. Try again, please.")); return; } - $id = $this->trimmed('notice'); - - $notice = Notice::staticGet($id); if ($user->hasFave($notice)) { $this->client_error(_('This notice is already a favorite!')); @@ -67,7 +68,7 @@ class FavorAction extends Action { if ($this->boolean('ajax')) { common_start_html('text/xml'); common_element_start('head'); - common_element('title', _('Disfavor')); + common_element('title', null, _('Disfavor favorite')); common_element_end('head'); common_element_start('body'); common_disfavor_form($notice); |