X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=40539a04666c1c16acbad9c604a5e7a2cef48cc0;hb=8b27824338eb445d69730c9b05f05b131ccea52f;hp=fb8b96b56cce50166fa786511339e99b9b6d1b86;hpb=7481dd6e66c132ae064613de19e73dab0ca2de19;p=github%2Fshaarli%2FShaarli.git

diff --git a/index.php b/index.php
index fb8b96b5..40539a04 100644
--- a/index.php
+++ b/index.php
@@ -1311,18 +1311,21 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
     // -------- User clicked the "Delete" button when editing a link: Delete link from database.
     if ($targetPage == Router::$PAGE_DELETELINK)
     {
-        // We do not need to ask for confirmation:
-        // - confirmation is handled by JavaScript
-        // - we are protected from XSRF by the token.
-
         if (! tokenOk($_GET['token'])) {
             die('Wrong token.');
         }
 
-        $id = intval(escape($_GET['lf_linkdate']));
-        $link = $LINKSDB[$id];
-        $pluginManager->executeHooks('delete_link', $link);
-        unset($LINKSDB[$id]);
+        if (strpos($_GET['lf_linkdate'], ' ') !== false) {
+            $ids = array_values(array_filter(preg_split('/\s+/', escape($_GET['lf_linkdate']))));
+        } else {
+            $ids = [$_GET['lf_linkdate']];
+        }
+        foreach ($ids as $id) {
+            $id = (int) escape($id);
+            $link = $LINKSDB[$id];
+            $pluginManager->executeHooks('delete_link', $link);
+            unset($LINKSDB[$id]);
+        }
         $LINKSDB->save($conf->get('resource.page_cache')); // save to disk
         $history->deleteLink($link);