X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=0ef3363354e54f69a958092fafaf5d7ba619855f;hb=10a7b5cee96a742fbe86edbea977f3c55c92e9aa;hp=4b86a3e2c17ece7338ad04646cedee6150bbbd47;hpb=1c88a7b33e90ba3e33d88b148c086bc298126332;p=github%2Fshaarli%2FShaarli.git

diff --git a/index.php b/index.php
index 4b86a3e2..0ef33633 100644
--- a/index.php
+++ b/index.php
@@ -1084,7 +1084,8 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
             die(t('Wrong token.'));
         }
 
-        $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), escape($_POST['totag']));
+        $toTag = isset($_POST['totag']) ? escape($_POST['totag']) : null;
+        $alteredLinks = $LINKSDB->renameTag(escape($_POST['fromtag']), $toTag);
         $LINKSDB->save($conf->get('resource.page_cache'));
         foreach ($alteredLinks as $link) {
             $history->updateLink($link);
@@ -1236,10 +1237,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
             $id = (int) escape($id);
             $link = $LINKSDB[$id];
             $pluginManager->executeHooks('delete_link', $link);
+            $history->deleteLink($link);
             unset($LINKSDB[$id]);
         }
         $LINKSDB->save($conf->get('resource.page_cache')); // save to disk
-        $history->deleteLink($link);
 
         // If we are called from the bookmarklet, we must close the popup:
         if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }
@@ -1858,6 +1859,7 @@ $app->group('/api/v1', function() {
 })->add('\Shaarli\Api\ApiMiddleware');
 
 $response = $app->run(true);
+
 // Hack to make Slim and Shaarli router work together:
 // If a Slim route isn't found and NOT API call, we call renderPage().
 if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {
@@ -1865,5 +1867,12 @@ if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v
     header('Content-Type: text/html; charset=utf-8');
     renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager);
 } else {
+    $response = $response
+        ->withHeader('Access-Control-Allow-Origin', '*')
+        ->withHeader(
+            'Access-Control-Allow-Headers',
+            'X-Requested-With, Content-Type, Accept, Origin, Authorization'
+        )
+        ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
     $app->respond($response);
 }