File tree Expand file tree Collapse file tree 2 files changed +21
-2
lines changed Expand file tree Collapse file tree 2 files changed +21
-2
lines changed Original file line number Diff line number Diff line change 4
4
use Chamilo \CoreBundle \Entity \Message ;
5
5
use Chamilo \CoreBundle \Entity \MessageFeedback ;
6
6
use ChamiloSession as Session ;
7
+ use Symfony \Component \HttpFoundation \JsonResponse ;
7
8
8
9
/**
9
10
* Responses to AJAX calls.
61
62
echo '' ;
62
63
break ;
63
64
}
64
- $ my_delete_friend = (int ) $ _POST ['delete_friend_id ' ];
65
+
66
+ if (!Security::check_token ('post ' , null , 'social ' )) {
67
+ exit ;
68
+ }
69
+
65
70
if (isset ($ _POST ['delete_friend_id ' ])) {
71
+ $ my_delete_friend = (int ) $ _POST ['delete_friend_id ' ];
66
72
SocialManager::remove_user_rel_user ($ my_delete_friend );
73
+
74
+ JsonResponse::create ([
75
+ 'secToken ' => Security::get_token ('social ' ),
76
+ ])->send ();
77
+ break ;
67
78
}
68
79
break ;
69
80
case 'show_my_friends ' :
Original file line number Diff line number Diff line change 17
17
$ this_section = SECTION_SOCIAL ;
18
18
19
19
$ htmlHeadXtra [] = '<script>
20
+ var socialSecToken = " ' .Security::get_token ('social ' ).'";
21
+
20
22
function delete_friend (element_div) {
21
23
id_image = $(element_div).attr("id");
22
24
user_id = id_image.split("_");
@@ -26,8 +28,14 @@ function delete_friend (element_div) {
26
28
type: "POST",
27
29
url: " ' .api_get_path (WEB_AJAX_PATH ).'social.ajax.php?a=delete_friend",
28
30
data: "delete_friend_id="+user_id[1],
29
- success: function(datos) {
31
+ data: {
32
+ "delete_friend_id": user_id[1],
33
+ "social_sec_token": socialSecToken,
34
+ },
35
+ success: function(data) {
30
36
$("#user_card_"+user_id[1]).hide("slow");
37
+
38
+ socialSecToken = data.secToken;
31
39
}
32
40
});
33
41
}
You can’t perform that action at this time.
0 commit comments