Skip to:
Content

BuddyPress.org

Ticket #5319: ajax.php.patch

File ajax.php.patch, 526 bytes (added by megainfo, 10 years ago)

Patch for default theme

  • ajax.php

     
    638638        // Cast fid as an integer
    639639        $friend_id = (int) $_POST['fid'];
    640640
     641        // Prevent POST request from member to himself
     642        if ( bp_loggedin_user_id() == $friend_id )
     643                exit();
     644       
    641645        // Trying to cancel friendship
    642646        if ( 'is_friend' == BP_Friends_Friendship::check_is_friend( bp_loggedin_user_id(), $friend_id ) ) {
    643647                check_ajax_referer( 'friends_remove_friend' );