Yes #4719 fixes it client side. But it still is able to be manipulated server side. I demonstrated by continuing to do so on above UNA page. People who want to do harm to sites, especially if you get to the point you are having decent size daily hits, script kiddie hackers look for ways to manipulate everything. My team found this easily, because the mechanism relies on JavaScript, with no server side checks. I can still easily manipulate reactions by sending the calls manually.

I just took the UNA one up to 20 angry faces.

I know at times I can be over zealous, but I mean well. I get frustrated when I can't find something, because I'm not a vet UNA developer. And although php is very simple, I spent last 10 years with my nose in java and android development. I'm readjusting. And I don't mean to sound negative, I just understand that a site that gets any popularity will also get the attention of those trying to hack in any way they can to disrupt site function. I know this because on my team I have a kid who does this regularly, server penetration and website vulnerability testing. That is not my area of expertise. 😉

I would suggest a check server side.

@LeonidS @PetsNexxt thank you for your responses. 😁👍