When deleting links, the js of the default theme separated ids by an escaped space ('+').
There was a trailing '+' after the ids which led to the php code detecting multiple values
even for single values. In combination with the id '0' this could led to no id found at all
and a resulting php error.
this commit fixes the behavior and adds an additional error handling and trimming to the php code.
die('Wrong token.');
}
- if (strpos($_GET['lf_linkdate'], ' ') !== false) {
- $ids = array_values(array_filter(preg_split('/\s+/', escape($_GET['lf_linkdate']))));
+ $ids = trim($_GET['lf_linkdate']);
+ if (strpos($ids, ' ') !== false) {
+ // multiple, space-separated ids provided
+ $ids = array_values(array_filter(preg_split('/\s+/', escape($ids))));
} else {
- $ids = [$_GET['lf_linkdate']];
+ // only a single id provided
+ $ids = [$ids];
+ }
+ // assert at least one id is given
+ if(!count($ids)){
+ die('no id provided');
}
foreach ($ids as $id) {
$id = (int) escape($id);
var message = 'Are you sure you want to delete '+ links.length +' links?\n';
message += 'This action is IRREVERSIBLE!\n\nTitles:\n';
- var ids = '';
+ var ids = [];
links.forEach(function(item) {
message += ' - '+ item['title'] +'\n';
- ids += item['id'] +'+';
+ ids.push(item['id']);
});
if (window.confirm(message)) {
- window.location = '?delete_link&lf_linkdate='+ ids +'&token='+ token.value;
+ window.location = '?delete_link&lf_linkdate='+ ids.join('+') +'&token='+ token.value;
}
});
}