X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=2ed14d4f2f3ac67ed6bd5e041fc434b27a7aa050;hb=fc11ab2f290a3712b766d78fdbcd354625a35d0a;hp=bb1debd3f515bcd5bf2a3b892b3b60890812c092;hpb=061f04fba06d2a78246de747e2bdd5625fc22400;p=github%2Fshaarli%2FShaarli.git

diff --git a/index.php b/index.php
index bb1debd3..2ed14d4f 100644
--- a/index.php
+++ b/index.php
@@ -1316,21 +1316,21 @@ function renderPage($conf, $pluginManager, $LINKSDB)
     }
 
     // -------- User clicked the "Delete" button when editing a link: Delete link from database.
-    if (isset($_POST['delete_link']))
+    if ($targetPage == Router::$PAGE_DELETELINK)
     {
-        if (!tokenOk($_POST['token'])) die('Wrong token.');
-
         // We do not need to ask for confirmation:
         // - confirmation is handled by JavaScript
         // - we are protected from XSRF by the token.
 
-        // FIXME! We keep `lf_linkdate` for consistency before a proper API. To be removed.
-        $id = isset($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : intval(escape($_POST['lf_linkdate']));
-
-        $pluginManager->executeHooks('delete_link', $LINKSDB[$id]);
+        if (! tokenOk($_GET['token'])) {
+            die('Wrong token.');
+        }
 
+        $id = intval(escape($_GET['lf_linkdate']));
+        $link = $LINKSDB[$id];
+        $pluginManager->executeHooks('delete_link', $link);
         unset($LINKSDB[$id]);
-        $LINKSDB->save('resource.page_cache'); // save to disk
+        $LINKSDB->save($conf->get('resource.page_cache')); // save to disk
 
         // If we are called from the bookmarklet, we must close the popup:
         if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }