diff options
author | ArthurHoaro <arthur@hoa.ro> | 2016-01-03 14:42:43 +0100 |
---|---|---|
committer | ArthurHoaro <arthur@hoa.ro> | 2016-01-03 14:42:43 +0100 |
commit | 6a6aa2b96da86f100089c643e905aede5260c8c8 (patch) | |
tree | cedc050118102a81f0fec538e9e101f6086a1d4d /index.php | |
parent | defc8a3f033a44602c598c2028a9ee3ee2a86d1d (diff) | |
download | Shaarli-6a6aa2b96da86f100089c643e905aede5260c8c8.tar.gz Shaarli-6a6aa2b96da86f100089c643e905aede5260c8c8.tar.zst Shaarli-6a6aa2b96da86f100089c643e905aede5260c8c8.zip |
Fixes #428: validate buttons presence instead of value
Also adds a validation where renaming with 'fromtag' specified and empty 'totag'.
It was causing a 404, now it just re-render the form.
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 18 |
1 files changed, 9 insertions, 9 deletions
@@ -1453,19 +1453,20 @@ function renderPage() | |||
1453 | // -------- User wants to rename a tag or delete it | 1453 | // -------- User wants to rename a tag or delete it |
1454 | if ($targetPage == Router::$PAGE_CHANGETAG) | 1454 | if ($targetPage == Router::$PAGE_CHANGETAG) |
1455 | { | 1455 | { |
1456 | if (empty($_POST['fromtag'])) | 1456 | if (empty($_POST['fromtag']) || (empty($_POST['totag']) && isset($_POST['renametag']))) { |
1457 | { | 1457 | $PAGE->assign('linkcount', count($LINKSDB)); |
1458 | $PAGE->assign('linkcount',count($LINKSDB)); | 1458 | $PAGE->assign('token', getToken()); |
1459 | $PAGE->assign('token',getToken()); | ||
1460 | $PAGE->assign('tags', $LINKSDB->allTags()); | 1459 | $PAGE->assign('tags', $LINKSDB->allTags()); |
1461 | $PAGE->renderPage('changetag'); | 1460 | $PAGE->renderPage('changetag'); |
1462 | exit; | 1461 | exit; |
1463 | } | 1462 | } |
1464 | if (!tokenOk($_POST['token'])) die('Wrong token.'); | 1463 | |
1464 | if (!tokenOk($_POST['token'])) { | ||
1465 | die('Wrong token.'); | ||
1466 | } | ||
1465 | 1467 | ||
1466 | // Delete a tag: | 1468 | // Delete a tag: |
1467 | if (!empty($_POST['deletetag']) && !empty($_POST['fromtag'])) | 1469 | if (isset($_POST['deletetag']) && !empty($_POST['fromtag'])) { |
1468 | { | ||
1469 | $needle=trim($_POST['fromtag']); | 1470 | $needle=trim($_POST['fromtag']); |
1470 | $linksToAlter = $LINKSDB->filterTags($needle,true); // True for case-sensitive tag search. | 1471 | $linksToAlter = $LINKSDB->filterTags($needle,true); // True for case-sensitive tag search. |
1471 | foreach($linksToAlter as $key=>$value) | 1472 | foreach($linksToAlter as $key=>$value) |
@@ -1481,8 +1482,7 @@ function renderPage() | |||
1481 | } | 1482 | } |
1482 | 1483 | ||
1483 | // Rename a tag: | 1484 | // Rename a tag: |
1484 | if (!empty($_POST['renametag']) && !empty($_POST['fromtag']) && !empty($_POST['totag'])) | 1485 | if (isset($_POST['renametag']) && !empty($_POST['fromtag']) && !empty($_POST['totag'])) { |
1485 | { | ||
1486 | $needle=trim($_POST['fromtag']); | 1486 | $needle=trim($_POST['fromtag']); |
1487 | $linksToAlter = $LINKSDB->filterTags($needle,true); // true for case-sensitive tag search. | 1487 | $linksToAlter = $LINKSDB->filterTags($needle,true); // true for case-sensitive tag search. |
1488 | foreach($linksToAlter as $key=>$value) | 1488 | foreach($linksToAlter as $key=>$value) |