Fix #3813: Favorite limit can be bypassed.

app/controllers/favorites_controller.rb

@@ -1,6 +1,6 @@
 class FavoritesController < ApplicationController
   before_action :member_only, except: [:index]
-  respond_to :html, :xml, :json
+  respond_to :html, :xml, :json, :js
   skip_before_action :api_check
 
   def index
@@ -24,23 +24,10 @@ class FavoritesController < ApplicationController
   end
 
   def create
-    if CurrentUser.favorite_limit.nil? || CurrentUser.favorite_count < CurrentUser.favorite_limit
-      @post = Post.find(params[:post_id])
-      @post.add_favorite!(CurrentUser.user)
-    else
-      @error_msg = "You can only keep up to #{CurrentUser.favorite_limit} favorites. Upgrade your account to save more."
-    end
+    @post = Post.find(params[:post_id])
+    @post.add_favorite!(CurrentUser.user)
 
-    respond_with(@post) do |format|
-      format.js
-      format.json do
-        if @post
-          render :json => {:success => true}.to_json
-        else
-          render :json => {:success => false, :reason => @error_msg}.to_json, :status => 422
-        end
-      end
-    end
+    respond_with(@post)
   end
 
   def destroy
@@ -52,11 +39,6 @@ class FavoritesController < ApplicationController
       Favorite.remove(post_id: params[:id], user: CurrentUser.user)
     end
 
-    respond_with(@post) do |format|
-      format.js
-      format.json do
-        render :json => {:success => true}.to_json
-      end
-    end
+    respond_with(@post)
   end
 end