From f3dfeeeb263ea9456b21e07b84dc7a01d2d17b98 Mon Sep 17 00:00:00 2001
From: Javyer DerDerian
Date: Mon, 23 Feb 2015 15:22:14 -0300
Subject: [PATCH] fix breach in award points that allows user to award infinite points / extra fix
---
 forum/views/users.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/forum/views/users.py b/forum/views/users.py
index 786320c..adf9b59 100644
--- a/forum/views/users.py
+++ b/forum/views/users.py
@@ -220,7 +220,7 @@ def award_points(request, id):
 extra = dict(message=request.POST.get('message', ''), awarding_user=request.user.id, value=points)
- BonusRepAction(user=user, extra=extra).save(data=dict(value=points, affected=user))
+ BonusRepAction(user=request.user, extra=extra).save(data=dict(value=points, affected=user))
 return {'commands': {
 'update_profile_karma': [user.reputation]
--
2.39.5
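Review bot: The corrected call `BonusRepAction(user=request.user, ...)` depends on an undocumented distinction between the action's `user` (the awarding account) and `affected=user` (the recipient), which appears to be the mix-up this patch fixes. A one-line comment above the call would guard against it being reverted, for example `# user= is the awarder (actor); the recipient is passed as affected=`. The hunk does not show how `points` is parsed or bounded, or whether `request.user` may be the same account as `user`. award_points begins above the hunk, so confirm that the permission check, a limit on `points` and a self-award guard are enforced there, since the commit message describes unlimited awarding. A regression test asserting that the saved action is attributed to the awarder, not the recipient, would pin the fix.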