Remove CSRF protection from username/password login and from OpenID login.

[quix0rs-gnu-social.git] / actions / apitimelinefavorites.php

diff --git a/actions/apitimelinefavorites.php b/actions/apitimelinefavorites.php
index 8cb2e808de0c350ceb74ebb70f57e70afdfe106d..7228960c0b48bfef8262366987ad7a3954a75407 100644 (file)
--- a/actions/apitimelinefavorites.php
+++ b/actions/apitimelinefavorites.php
@@ -25,6 +25,7 @@
  * @author    Evan Prodromou <evan@status.net>
  * @author    Zach Copley <zach@status.net>
  * @copyright 2009-2010 StatusNet, Inc.
+ * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link      http://status.net/
  */
@@ -150,7 +151,7 @@ class ApiTimelineFavoritesAction extends ApiBareAuthAction
 
             header('Content-Type: application/atom+xml; charset=utf-8');
 
-            $atom = new AtomNoticeFeed();
+            $atom = new AtomNoticeFeed($this->auth_user);
 
             $atom->setId($id);
             $atom->setTitle($title);
@@ -185,17 +186,23 @@ class ApiTimelineFavoritesAction extends ApiBareAuthAction
     {
         $notices = array();
 
+        common_debug("since id = " . $this->since_id . " max id = " . $this->max_id);
+
         if (!empty($this->auth_user) && $this->auth_user->id == $this->user->id) {
             $notice = $this->user->favoriteNotices(
+                true,
                 ($this->page-1) * $this->count,
                 $this->count,
-                true
+                $this->since_id,
+                $this->max_id
             );
         } else {
             $notice = $this->user->favoriteNotices(
+                false,
                 ($this->page-1) * $this->count,
                 $this->count,
-                false
+                $this->since_id,
+                $this->max_id
             );
         }