diff options
| author | Zach Copley <zach@status.net> | 2010-09-29 15:52:18 -0700 |
|---|---|---|
| committer | Zach Copley <zach@status.net> | 2010-09-29 16:35:15 -0700 |
| commit | f79f44801cfd76b7e9e4cbfb94917bc8b395a886 (patch) | |
| tree | 43e0c010107ef358cd5465a30ad009c943a74db0 /plugins/AnonymousFave/anondisfavor.php | |
| parent | 0fe0f421731ee3cfa5e0bafd08559cc9bfc44422 (diff) | |
- Lookup anon profiles by ID (safer because they are guranteed to be unique) and probably faster
- Obfuscate the anonymous user session token to make it hard to figure out the profile ID
Diffstat (limited to 'plugins/AnonymousFave/anondisfavor.php')
| -rw-r--r-- | plugins/AnonymousFave/anondisfavor.php | 10 |
1 files changed, 1 insertions, 9 deletions
diff --git a/plugins/AnonymousFave/anondisfavor.php b/plugins/AnonymousFave/anondisfavor.php index 9fd56fdc3..f39d5a778 100644 --- a/plugins/AnonymousFave/anondisfavor.php +++ b/plugins/AnonymousFave/anondisfavor.php @@ -54,15 +54,7 @@ class AnonDisfavorAction extends RedirectingAction { parent::handle($args); - $anon = $_SESSION['anon_nickname']; - - $profile = Profile::staticGet('nickname', $anon); - - if (empty($profile)) { - common_debug( - "AnonDisFavorAction - Anon user tried to disfave a notice but doesn't have a profile." - ); - } + $profile = AnonymousFavePlugin::getAnonProfile(); if (empty($profile) || $_SERVER['REQUEST_METHOD'] != 'POST') { $this->clientError( |