diff options
author | Zach Copley <zach@status.net> | 2010-09-29 15:52:18 -0700 |
---|---|---|
committer | Zach Copley <zach@status.net> | 2010-09-29 16:35:15 -0700 |
commit | f79f44801cfd76b7e9e4cbfb94917bc8b395a886 (patch) | |
tree | 43e0c010107ef358cd5465a30ad009c943a74db0 /plugins/AnonymousFave/anonfavor.php | |
parent | 0fe0f421731ee3cfa5e0bafd08559cc9bfc44422 (diff) |
- Lookup anon profiles by ID (safer because they are guranteed to be unique) and probably faster
- Obfuscate the anonymous user session token to make it hard to figure out the profile ID
Diffstat (limited to 'plugins/AnonymousFave/anonfavor.php')
-rw-r--r-- | plugins/AnonymousFave/anonfavor.php | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/plugins/AnonymousFave/anonfavor.php b/plugins/AnonymousFave/anonfavor.php index c972f202e..58570ced9 100644 --- a/plugins/AnonymousFave/anonfavor.php +++ b/plugins/AnonymousFave/anonfavor.php @@ -54,14 +54,7 @@ class AnonFavorAction extends RedirectingAction { parent::handle($args); - $anon = $_SESSION['anon_nickname']; - $profile = Profile::staticGet('nickname', $anon); - - if (empty($profile)) { - common_debug( - "AnonFavorAction - Anon user tried to fave a notice but doesn't have a profile." - ); - } + $profile = AnonymousFavePlugin::getAnonProfile(); if (empty($profile) || $_SERVER['REQUEST_METHOD'] != 'POST') { $this->clientError( |