Fixes #3497 users can unlike other users content

git-svn-id: http://code.elgg.org/elgg/trunk@9132 36083f99-b078-4883-b0ff-0f9b5a30f544

diff --git a/mod/likes/actions/likes/add.php b/mod/likes/actions/likes/add.php
index f564938641045c519d6bbe756f82fa368057bb1a..7ccb19d922e3dd3977e09685e180f6709ebbb8a3 100644 (file)
--- a/mod/likes/actions/likes/add.php
+++ b/mod/likes/actions/likes/add.php
@@ -18,7 +18,7 @@ if (!$entity) {
        forward(REFERER);
 }
 
-// cannot like your own stuff
+// limit likes through a plugin hook (to prevent liking your own content for example)
 if (!$entity->canAnnotate(0, 'likes')) {
        // plugins should register the error message to explain why liking isn't allowed
        forward(REFERER);

diff --git a/mod/likes/actions/likes/delete.php b/mod/likes/actions/likes/delete.php
index 867d5dfef94246f517c5aa6373d2c1d8e1a2080c..db3036bb46ce7377b9f349baf838caeeae3e82dd 100644 (file)
--- a/mod/likes/actions/likes/delete.php
+++ b/mod/likes/actions/likes/delete.php
@@ -4,26 +4,18 @@
  *
  */
 
-// Ensure we're logged in
-if (!elgg_is_logged_in()) {
-       forward();
-}
-
-// Make sure we can get the comment in question
-$annotation_id = (int) get_input('annotation_id');
-if ($likes = elgg_get_annotation_from_id($annotation_id)) {
-
-       $entity = get_entity($likes->entity_guid);
-
-       if ($likes->canEdit()) {
-               $likes->delete();
+$likes = elgg_get_annotations(array(
+       'guid' => (int) get_input('guid'),
+       'annotation_owner_guid' => elgg_get_logged_in_user_guid(),
+       'annotation_name' => 'likes',
+));
+if ($likes) {
+       if ($likes[0]->canEdit()) {
+               $likes[0]->delete();
                system_message(elgg_echo("likes:deleted"));
                forward(REFERER);
        }
-
-} else {
-       $url = "";
 }
 
 register_error(elgg_echo("likes:notdeleted"));
-forward(REFERER);
\ No newline at end of file
+forward(REFERER);

diff --git a/mod/likes/views/default/likes/display.php b/mod/likes/views/default/likes/display.php
index cbfe46078001b394c195e18bbce3dbf0e646f6e2..2dc50ddd0179f2189c48ba870c626eaaa8258ecb 100644 (file)
--- a/mod/likes/views/default/likes/display.php
+++ b/mod/likes/views/default/likes/display.php
@@ -28,8 +28,7 @@ if (elgg_is_logged_in() && $vars['entity']->canAnnotate(0, 'likes')) {
                        'annotation_name' => 'likes',
                        'owner_guid' => elgg_get_logged_in_user_guid()
                );
-               $likes = elgg_get_annotations($options);
-               $url = elgg_get_site_url() . "action/likes/delete?annotation_id={$likes[0]->id}";
+               $url = elgg_get_site_url() . "action/likes/delete?guid={$guid}";
                $params = array(
                        'href' => $url,
                        'text' => elgg_view_icon('thumbs-up-alt'),