fix breach in award points that allows user to award infinite points / extra fix

author Javyer DerDerian <javierder@gmail.com>

Mon, 23 Feb 2015 18:22:14 +0000 (15:22 -0300)

committer Javyer DerDerian <javierder@gmail.com>

Mon, 23 Feb 2015 18:22:14 +0000 (15:22 -0300)
author Javyer DerDerian <javierder@gmail.com>
Mon, 23 Feb 2015 18:22:14 +0000 (15:22 -0300)
committer Javyer DerDerian <javierder@gmail.com>
Mon, 23 Feb 2015 18:22:14 +0000 (15:22 -0300)
diff --git a/forum/views/users.py b/forum/views/users.py

index 786320ca9608b08414e1eef47ec12642e5331316..adf9b5959d2f9ebca8a31f6b9077c33116dc487a 100644 (file)
--- a/forum/views/users.py
+++ b/forum/views/users.py
@@ -220,7 +220,7 @@ def award_points(request, id):
  
      extra = dict(message=request.POST.get('message', ''), awarding_user=request.user.id, value=points)
  
-    BonusRepAction(user=user, extra=extra).save(data=dict(value=points, affected=user))
+    BonusRepAction(user=request.user, extra=extra).save(data=dict(value=points, affected=user))
  
      return {'commands': {
              'update_profile_karma': [user.reputation]
author	Javyer DerDerian <javierder@gmail.com>
	Mon, 23 Feb 2015 18:22:14 +0000 (15:22 -0300)
committer	Javyer DerDerian <javierder@gmail.com>
	Mon, 23 Feb 2015 18:22:14 +0000 (15:22 -0300)