From: Willi Eggeling <thewilli@gmail.com>
Date: Sun, 27 Aug 2017 17:19:59 +0000 (+0200)
Subject: fixed link deletion
X-Git-Tag: v0.9.4~7^2~8^2
X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=a74f52a8d206a6d5c3fe27667f1633bf2fc1374d;p=github%2Fshaarli%2FShaarli.git

fixed link deletion

When deleting links, the js of the default theme separated ids by an escaped space ('+').
There was a trailing '+' after the ids which led to the php code detecting multiple values
even for single values. In combination with the id '0' this could led to no id found at all
and a resulting php error.

this commit fixes the behavior and adds an additional error handling and trimming to the php code.
---

diff --git a/index.php b/index.php
index 7df6d819..b2f4ded5 100644
--- a/index.php
+++ b/index.php
@@ -1320,10 +1320,17 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
             die('Wrong token.');
         }
 
-        if (strpos($_GET['lf_linkdate'], ' ') !== false) {
-            $ids = array_values(array_filter(preg_split('/\s+/', escape($_GET['lf_linkdate']))));
+        $ids = trim($_GET['lf_linkdate']);
+        if (strpos($ids, ' ') !== false) {
+            // multiple, space-separated ids provided
+            $ids = array_values(array_filter(preg_split('/\s+/', escape($ids))));
         } else {
-            $ids = [$_GET['lf_linkdate']];
+            // only a single id provided
+            $ids = [$ids];
+        }
+        // assert at least one id is given
+        if(!count($ids)){
+            die('no id provided');
         }
         foreach ($ids as $id) {
             $id = (int) escape($id);
diff --git a/tpl/default/js/shaarli.js b/tpl/default/js/shaarli.js
index 4f49affa..f38ba62f 100644
--- a/tpl/default/js/shaarli.js
+++ b/tpl/default/js/shaarli.js
@@ -401,14 +401,14 @@ window.onload = function () {
 
             var message = 'Are you sure you want to delete '+ links.length +' links?\n';
             message += 'This action is IRREVERSIBLE!\n\nTitles:\n';
-            var ids = '';
+            var ids = [];
             links.forEach(function(item) {
                 message += '  - '+ item['title'] +'\n';
-                ids += item['id'] +'+';
+                ids.push(item['id']);
             });
 
             if (window.confirm(message)) {
-                window.location = '?delete_link&lf_linkdate='+ ids +'&token='+ token.value;
+                window.location = '?delete_link&lf_linkdate='+ ids.join('+') +'&token='+ token.value;
             }
         });
     }