From f79f44801cfd76b7e9e4cbfb94917bc8b395a886 Mon Sep 17 00:00:00 2001
From: Zach Copley <zach@status.net>
Date: Wed, 29 Sep 2010 15:52:18 -0700
Subject: - Lookup anon profiles by ID (safer because they are guranteed to be
 unique) and probably faster - Obfuscate the anonymous user session token to
 make it hard to figure out the profile ID

---
 plugins/AnonymousFave/anonfavor.php | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

(limited to 'plugins/AnonymousFave/anonfavor.php')

diff --git a/plugins/AnonymousFave/anonfavor.php b/plugins/AnonymousFave/anonfavor.php
index c972f202e..58570ced9 100644
--- a/plugins/AnonymousFave/anonfavor.php
+++ b/plugins/AnonymousFave/anonfavor.php
@@ -54,14 +54,7 @@ class AnonFavorAction extends RedirectingAction
     {
         parent::handle($args);
 
-        $anon = $_SESSION['anon_nickname'];
-        $profile = Profile::staticGet('nickname', $anon);
-
-        if (empty($profile)) {
-            common_debug(
-                "AnonFavorAction - Anon user tried to fave a notice but doesn't have a profile."
-            );
-        }
+        $profile = AnonymousFavePlugin::getAnonProfile();
 
         if (empty($profile) || $_SERVER['REQUEST_METHOD'] != 'POST') {
             $this->clientError(
-- 
cgit v1.2.3-54-g00ecf