Home Explore Help
Register Sign In
Omnimaga
/
SMF2.1
mirror of [email protected]:Omnimaga/SMF2.1.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

! How did I forget a security check? (per #804)

Signed-off-by: Peter Spicer <[email protected]>
Peter Spicer 10 years ago
parent
807a6f6ec6
commit
4fc59a0173
3 changed files with 3 additions and 2 deletions
Split View Show Diff Stats
  1. 1 0
      Sources/Likes.php
  2. 1 1
      Themes/default/Display.template.php
  3. 1 1
      index.php

+ 1 - 0
Sources/Likes.php
View File 

@@ -104,6 +104,7 @@ function Likes()
 
 	{
 
 		// Only registered users may actually like content.
 
 		is_not_guest();
 
+		checkSession('get');
 
 		issueLike($like_type, $like_content);
 
 	}
 
 }

+ 1 - 1
Themes/default/Display.template.php
View File 

@@ -552,7 +552,7 @@ function template_main()
 
 		if (!empty($message['likes']['can_like']))
 
 		{
 
 			echo '
 
-									<li class="like_button"><a href="', $scripturl, '?action=likes;ltype=msg;like=', $message['id'], '"><span class="', $message['likes']['you'] ? 'unlike' : 'like', '"></span>', $message['likes']['you'] ? $txt['unlike'] : $txt['like'], '</a></li>';
 
+									<li class="like_button"><a href="', $scripturl, '?action=likes;ltype=msg;like=', $message['id'], ';', $context['session_var'], '=', $context['session_id'], '"><span class="', $message['likes']['you'] ? 'unlike' : 'like', '"></span>', $message['likes']['you'] ? $txt['unlike'] : $txt['like'], '</a></li>';
 
 		}
 
 
 		if (!empty($message['likes']['count']))

+ 1 - 1
index.php
View File 

@@ -341,7 +341,7 @@ function smf_main()
 
 		'sticky' => array('Topic.php', 'Sticky'),
 
 		'theme' => array('Themes.php', 'ThemesMain'),
 
 		'trackip' => array('Profile-View.php', 'trackIP'),
 
-		'about:unknown' => array('Karma.php', 'BookOfUnknown'),
 
+		'about:unknown' => array('Likes.php', 'BookOfUnknown'),
 
 		'unread' => array('Recent.php', 'UnreadTopics'),
 
 		'unreadreplies' => array('Recent.php', 'UnreadTopics'),
 
 		'unwatchtopic' => array('Notify.php', 'TopicUnwatch'),