aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--application/Router.php6
-rw-r--r--index.php16
-rw-r--r--tpl/linklist.html2
3 files changed, 15 insertions, 9 deletions
diff --git a/application/Router.php b/application/Router.php
index caed4a28..c9a51912 100644
--- a/application/Router.php
+++ b/application/Router.php
@@ -31,6 +31,8 @@ class Router
31 31
32 public static $PAGE_EDITLINK = 'edit_link'; 32 public static $PAGE_EDITLINK = 'edit_link';
33 33
34 public static $PAGE_DELETELINK = 'delete_link';
35
34 public static $PAGE_EXPORT = 'export'; 36 public static $PAGE_EXPORT = 'export';
35 37
36 public static $PAGE_IMPORT = 'import'; 38 public static $PAGE_IMPORT = 'import';
@@ -120,6 +122,10 @@ class Router
120 return self::$PAGE_EDITLINK; 122 return self::$PAGE_EDITLINK;
121 } 123 }
122 124
125 if (isset($get['delete_link'])) {
126 return self::$PAGE_DELETELINK;
127 }
128
123 if (startsWith($query, 'do='. self::$PAGE_EXPORT)) { 129 if (startsWith($query, 'do='. self::$PAGE_EXPORT)) {
124 return self::$PAGE_EXPORT; 130 return self::$PAGE_EXPORT;
125 } 131 }
diff --git a/index.php b/index.php
index bb1debd3..2ed14d4f 100644
--- a/index.php
+++ b/index.php
@@ -1316,21 +1316,21 @@ function renderPage($conf, $pluginManager, $LINKSDB)
1316 } 1316 }
1317 1317
1318 // -------- User clicked the "Delete" button when editing a link: Delete link from database. 1318 // -------- User clicked the "Delete" button when editing a link: Delete link from database.
1319 if (isset($_POST['delete_link'])) 1319 if ($targetPage == Router::$PAGE_DELETELINK)
1320 { 1320 {
1321 if (!tokenOk($_POST['token'])) die('Wrong token.');
1322
1323 // We do not need to ask for confirmation: 1321 // We do not need to ask for confirmation:
1324 // - confirmation is handled by JavaScript 1322 // - confirmation is handled by JavaScript
1325 // - we are protected from XSRF by the token. 1323 // - we are protected from XSRF by the token.
1326 1324
1327 // FIXME! We keep `lf_linkdate` for consistency before a proper API. To be removed. 1325 if (! tokenOk($_GET['token'])) {
1328 $id = isset($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : intval(escape($_POST['lf_linkdate'])); 1326 die('Wrong token.');
1329 1327 }
1330 $pluginManager->executeHooks('delete_link', $LINKSDB[$id]);
1331 1328
1329 $id = intval(escape($_GET['lf_linkdate']));
1330 $link = $LINKSDB[$id];
1331 $pluginManager->executeHooks('delete_link', $link);
1332 unset($LINKSDB[$id]); 1332 unset($LINKSDB[$id]);
1333 $LINKSDB->save('resource.page_cache'); // save to disk 1333 $LINKSDB->save($conf->get('resource.page_cache')); // save to disk
1334 1334
1335 // If we are called from the bookmarklet, we must close the popup: 1335 // If we are called from the bookmarklet, we must close the popup:
1336 if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; } 1336 if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }
diff --git a/tpl/linklist.html b/tpl/linklist.html
index 0f1a5e8c..d4232342 100644
--- a/tpl/linklist.html
+++ b/tpl/linklist.html
@@ -84,7 +84,7 @@
84 <input type="hidden" name="edit_link" value="{$value.id}"> 84 <input type="hidden" name="edit_link" value="{$value.id}">
85 <input type="image" alt="Edit" src="images/edit_icon.png#" title="Edit" class="button_edit"> 85 <input type="image" alt="Edit" src="images/edit_icon.png#" title="Edit" class="button_edit">
86 </form><br> 86 </form><br>
87 <form method="POST" class="buttoneditform"> 87 <form method="GET" class="buttoneditform">
88 <input type="hidden" name="lf_linkdate" value="{$value.id}"> 88 <input type="hidden" name="lf_linkdate" value="{$value.id}">
89 <input type="hidden" name="token" value="{$token}"> 89 <input type="hidden" name="token" value="{$token}">
90 <input type="hidden" name="delete_link"> 90 <input type="hidden" name="delete_link">