From 322a79739dbee9f5a9bb4e012cd75a3d034a8bad Mon Sep 17 00:00:00 2001
From: csarven <csarven@controlyourself.ca>
Date: Fri, 14 Nov 2008 22:35:49 -0500
Subject: trac670 trac689 Favorites (duplicate id, background image,
 JavaScript)

darcs-hash:20081115033549-eefa4-cfbca6f9c723aa63869c39d6851de7a7803f0703.gz
---
 actions/favor.php | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'actions/favor.php')

diff --git a/actions/favor.php b/actions/favor.php
index dd61899e4..82b70a35b 100644
--- a/actions/favor.php
+++ b/actions/favor.php
@@ -38,16 +38,17 @@ class FavorAction extends Action {
 			return;
 		}
 
+		$id = $this->trimmed('notice');
+
+		$notice = Notice::staticGet($id);
+
 		# CSRF protection
 
-		$token = $this->trimmed('token');
+		$token = $this->trimmed('token-'.$notice->id);
 		if (!$token || $token != common_session_token()) {
-			$this->client_error(_('There was a problem with your session token. Try again, please.'));
+			$this->client_error(_("There was a problem with your session token. Try again, please."));
 			return;
 		}
-		$id = $this->trimmed('notice');
-
-		$notice = Notice::staticGet($id);
 
 		if ($user->hasFave($notice)) {
 			$this->client_error(_('This notice is already a favorite!'));
@@ -67,7 +68,7 @@ class FavorAction extends Action {
 		if ($this->boolean('ajax')) {
 			common_start_html('text/xml');
 			common_element_start('head');
-			common_element('title', _('Disfavor'));
+			common_element('title', null, _('Disfavor favorite'));
 			common_element_end('head');
 			common_element_start('body');
 			common_disfavor_form($notice);
-- 
cgit v1.2.3-54-g00ecf