Action gatekeeper added to add and remove friends.

git-svn-id: https://code.elgg.org/elgg/trunk@3349 36083f99-b078-4883-b0ff-0f9b5a30f544

diff --git a/actions/friends/add.php b/actions/friends/add.php
index 9dd8397bc567cb26fa181c5e65fbb6b941576093..74238b3a0cda994044db5c4b7a72a22b74471015 100644 (file)
--- a/actions/friends/add.php
+++ b/actions/friends/add.php
@@ -12,7 +12,8 @@
         */\r
 \r
        // Ensure we are logged in\r
-               gatekeeper();\r
+               gatekeeper();
+               action_gatekeeper();\r
                \r
        // Get the GUID of the user to friend\r
                $friend_guid = get_input('friend');\r

diff --git a/actions/friends/remove.php b/actions/friends/remove.php
index debb0f7c200793df92acb21cf63238c7f0cce231..ef0cdb46e0501e921169efd06c44a46fe32988ed 100644 (file)
--- a/actions/friends/remove.php
+++ b/actions/friends/remove.php
@@ -12,7 +12,8 @@
         */\r
 \r
        // Ensure we are logged in\r
-               gatekeeper();\r
+               gatekeeper();
+               action_gatekeeper();\r
                \r
        // Get the GUID of the user to friend\r
                $friend_guid = get_input('friend');\r

diff --git a/mod/profile/views/default/profile/menu/actions.php b/mod/profile/views/default/profile/menu/actions.php
index d348831c1f3b7b1db4e2dfee13f9ef4c7a116285..2c26e28146fdae691bd9f2e5d943fb73eb34eade 100644 (file)
--- a/mod/profile/views/default/profile/menu/actions.php
+++ b/mod/profile/views/default/profile/menu/actions.php
@@ -13,11 +13,15 @@
         */\r
 \r
        if (isloggedin()) {\r
-               if ($_SESSION['user']->getGUID() != $vars['entity']->getGUID()) {\r
+               if ($_SESSION['user']->getGUID() != $vars['entity']->getGUID()) {
+                       
+                       $ts = time();
+                       $token = generate_action_token($ts);
+                                       \r
                        if ($vars['entity']->isFriend()) {\r
-                               echo "<p class=\"user_menu_removefriend\"><a href=\"{$vars['url']}action/friends/remove?friend={$vars['entity']->getGUID()}\">" . elgg_echo("friend:remove") . "</a></p>";\r
+                               echo "<p class=\"user_menu_removefriend\"><a href=\"{$vars['url']}action/friends/remove?friend={$vars['entity']->getGUID()}&__elgg_token=$token&__elgg_ts=$ts\">" . elgg_echo("friend:remove") . "</a></p>";\r
                        } else {\r
-                               echo "<p class=\"user_menu_addfriend\"><a href=\"{$vars['url']}action/friends/add?friend={$vars['entity']->getGUID()}\">" . elgg_echo("friend:add") . "</a></p>";\r
+                               echo "<p class=\"user_menu_addfriend\"><a href=\"{$vars['url']}action/friends/add?friend={$vars['entity']->getGUID()}&__elgg_token=$token&__elgg_ts=$ts\">" . elgg_echo("friend:add") . "</a></p>";\r
                        }\r
                }\r
        }\r