From: Javyer DerDerian Date: Mon, 23 Feb 2015 18:22:14 +0000 (-0300) Subject: fix breach in award points that allows user to award infinite points / extra fix X-Git-Tag: live~16 X-Git-Url: https://git.openstreetmap.org./osqa.git/commitdiff_plain/f3dfeeeb263ea9456b21e07b84dc7a01d2d17b98?ds=inline fix breach in award points that allows user to award infinite points / extra fix --- diff --git a/forum/views/users.py b/forum/views/users.py index 786320c..adf9b59 100644 --- a/forum/views/users.py +++ b/forum/views/users.py @@ -220,7 +220,7 @@ def award_points(request, id): extra = dict(message=request.POST.get('message', ''), awarding_user=request.user.id, value=points) - BonusRepAction(user=user, extra=extra).save(data=dict(value=points, affected=user)) + BonusRepAction(user=request.user, extra=extra).save(data=dict(value=points, affected=user)) return {'commands': { 'update_profile_karma': [user.reputation]