[Plugin: Vote It Up] Bug (1 post)

  1. JoshSalverda
    Member
    Posted 2 months ago #

    Hey, there's a bug in your code that allows someone to vote down a post even if the option isn't available on the web site. For example, the normal vote code looks like:

    vote(obj, votelinkobj, aftervote, postID ,userID, baseURL)

    and the sink code:

    sink(obj, votelinkobj, aftervote, postID ,userID, baseURL)

    So now, let's assume for a moment that I'm a l33t hax0r who wants to sabotage someone's web site... I could inject some JS code (using Firebug's console) to call some JS functions that I normally can't call on the web site, which results in something like:

    sink(null, null, null, postID, 0, baseURL)

    which would call the sink() function and decrement the vote count by one. Ok, cool, so I have sabotaged the vote count by -1 W00t! But I'm not satisfied... so now what to do...

    for(var i = 0; i < 100; i++) { sink(null, null, null, postID, 0, baseURL) }

    Sweet... I've just decremented the vote count by -100.

    You should probably fix this before a real l33t hax0r finds this and it turns into a big problem.

    http://wordpress.org/extend/plugins/vote-it-up/
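
An added example, not part of the original post and not the plugin's own code: a minimal server-side model, in JavaScript, of the checks the report shows cannot be left to the browser. The names `createVoteStore`, `handleVote` and `allowSink`, and the rule that only logged-in users may vote once per post, are assumptions for illustration.

```javascript
// Added example: server-side vote handling that does not trust the browser.
// All names (createVoteStore, handleVote, allowSink) are hypothetical.
function createVoteStore(options) {
  const settings = { allowSink: false, ...options };
  const counts = new Map();   // postID -> net vote count
  const ballots = new Map();  // "postID:userID" -> +1 or -1

  // `session` is server-side state (e.g. derived from the login cookie);
  // `request` holds the parameters sent by the browser, which are untrusted.
  function handleVote(session, request) {
    const postID = Number(request.postID);
    if (!Number.isInteger(postID) || postID <= 0) {
      return { ok: false, reason: "bad-post" };
    }
    if (request.action !== "vote" && request.action !== "sink") {
      return { ok: false, reason: "bad-action" };
    }
    // The down-vote option is enforced here, not by hiding the link.
    if (request.action === "sink" && !settings.allowSink) {
      return { ok: false, reason: "sink-disabled" };
    }
    // Identity comes from the session; request.userID is ignored.
    const userID = session && session.userID;
    if (!Number.isInteger(userID) || userID <= 0) {
      return { ok: false, reason: "not-logged-in" };
    }
    // One ballot per user per post, so a replayed request changes nothing.
    const key = postID + ":" + userID;
    if (ballots.has(key)) {
      return { ok: false, reason: "already-voted" };
    }
    const delta = request.action === "vote" ? 1 : -1;
    ballots.set(key, delta);
    counts.set(postID, (counts.get(postID) || 0) + delta);
    return { ok: true, count: counts.get(postID) };
  }

  return { handleVote, count: (postID) => counts.get(postID) || 0 };
}

// Constructed sample: the repeated call from the report, sent 100 times
// to a site where the down-vote option is switched off.
function replayDemo() {
  const store = createVoteStore({ allowSink: false });
  const req = { action: "sink", postID: 42, userID: 0 };
  let accepted = 0;
  for (let i = 0; i < 100; i++) if (store.handleVote({ userID: 7 }, req).ok) accepted++;
  return { count: store.count(42), accepted };
}
```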
