3 files changed, 15 insertions, 9 deletions
diff --git a/application/Router.php b/application/Router.php
index caed4a28..c9a51912 100644
--- a/application/Router.php
+++ b/application/Router.php
@@ -31,6 +31,8 @@ class Router
    public static $PAGE_EDITLINK = 'edit_link';
+    public static $PAGE_DELETELINK = 'delete_link';
    public static $PAGE_EXPORT = 'export';
    public static $PAGE_IMPORT = 'import';
@@ -120,6 +122,10 @@ class Router
            return self::$PAGE_EDITLINK;
        }
+        if (isset($get['delete_link'])) {
+            return self::$PAGE_DELETELINK;
+        }
        if (startsWith($query, 'do='. self::$PAGE_EXPORT)) {
            return self::$PAGE_EXPORT;
        }
diff --git a/index.php b/index.php
index 84282b8d..c4c0d15a 100644
--- a/index.php
+++ b/index.php
@@ -1314,18 +1314,19 @@ function renderPage($conf, $pluginManager)
    }
    // -------- User clicked the "Delete" button when editing a link: Delete link from database.
-    if (isset($_POST['delete_link']))
+    if ($targetPage == Router::$PAGE_DELETELINK)
    {
-        if (!tokenOk($_POST['token'])) die('Wrong token.');
+        if (!tokenOk($_GET['token'])) die('Wrong token.');
        // We do not need to ask for confirmation:
        // - confirmation is handled by JavaScript
        // - we are protected from XSRF by the token.
-        $linkdate=$_POST['lf_linkdate'];
+        $linkdate = $_GET['delete_link'];
+        $link = $LINKSDB[$linkdate];
-        $pluginManager->executeHooks('delete_link', $LINKSDB[$linkdate]);
+        
+        $pluginManager->executeHooks('delete_link', $link);
        unset($LINKSDB[$linkdate]);
-        $LINKSDB->save('resource.page_cache'); // save to disk
+        $LINKSDB->save($conf->get('resource.page_cache')); // save to disk
        // If we are called from the bookmarklet, we must close the popup:
        if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }
diff --git a/tpl/linklist.html b/tpl/linklist.html
index 9782cff6..70c9cf79 100644
--- a/tpl/linklist.html
+++ b/tpl/linklist.html
@@ -86,10 +86,9 @@
                            <input type="hidden" name="edit_link" value="{$value.linkdate}">
                            <input type="image" alt="Edit" src="images/edit_icon.png#" title="Edit" class="button_edit">
                        </form><br>
-                        <form method="POST" class="buttoneditform">
+                        <form method="GET" class="buttoneditform">
-                            <input type="hidden" name="lf_linkdate" value="{$value.linkdate}">
                            <input type="hidden" name="token" value="{$token}">
-                            <input type="hidden" name="delete_link">
+                            <input type="hidden" name="delete_link" value="{$value.linkdate}">
                            <input type="image" alt="Delete" src="images/delete_icon.png#" title="Delete"
                                   class="button_delete" onClick="return confirmDeleteLink();">
                        </form>

diff --git a/application/Router.php b/application/Router.php index caed4a28..c9a51912 100644 --- a/application/Router.php +++ b/application/Router.php
@@ -31,6 +31,8 @@ class Router
31		31
32	public static $PAGE_EDITLINK = 'edit_link';	32	public static $PAGE_EDITLINK = 'edit_link';
33		33
		34	public static $PAGE_DELETELINK = 'delete_link';
		35
34	public static $PAGE_EXPORT = 'export';	36	public static $PAGE_EXPORT = 'export';
35		37
36	public static $PAGE_IMPORT = 'import';	38	public static $PAGE_IMPORT = 'import';
@@ -120,6 +122,10 @@ class Router
120	return self::$PAGE_EDITLINK;	122	return self::$PAGE_EDITLINK;
121	}	123	}
122		124
		125	if (isset($get['delete_link'])) {
		126	return self::$PAGE_DELETELINK;
		127	}
		128
123	if (startsWith($query, 'do='. self::$PAGE_EXPORT)) {	129	if (startsWith($query, 'do='. self::$PAGE_EXPORT)) {
124	return self::$PAGE_EXPORT;	130	return self::$PAGE_EXPORT;
125	}	131	}


diff --git a/index.php b/index.php index 84282b8d..c4c0d15a 100644 --- a/index.php +++ b/index.php
@@ -1314,18 +1314,19 @@ function renderPage($conf, $pluginManager)
1314	}	1314	}
1315		1315
1316	// -------- User clicked the "Delete" button when editing a link: Delete link from database.	1316	// -------- User clicked the "Delete" button when editing a link: Delete link from database.
1317	if (isset($_POST['delete_link']))	1317	if ($targetPage == Router::$PAGE_DELETELINK)
1318	{	1318	{
1319	if (!tokenOk($_POST['token'])) die('Wrong token.');	1319	if (!tokenOk($_GET['token'])) die('Wrong token.');
1320	// We do not need to ask for confirmation:	1320	// We do not need to ask for confirmation:
1321	// - confirmation is handled by JavaScript	1321	// - confirmation is handled by JavaScript
1322	// - we are protected from XSRF by the token.	1322	// - we are protected from XSRF by the token.
1323	$linkdate=$_POST['lf_linkdate'];	1323	$linkdate = $_GET['delete_link'];
1324		1324	$link = $LINKSDB[$linkdate];
1325	$pluginManager->executeHooks('delete_link', $LINKSDB[$linkdate]);	1325
		1326	$pluginManager->executeHooks('delete_link', $link);
1326		1327
1327	unset($LINKSDB[$linkdate]);	1328	unset($LINKSDB[$linkdate]);
1328	$LINKSDB->save('resource.page_cache'); // save to disk	1329	$LINKSDB->save($conf->get('resource.page_cache')); // save to disk
1329		1330
1330	// If we are called from the bookmarklet, we must close the popup:	1331	// If we are called from the bookmarklet, we must close the popup:
1331	if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' \|\| $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }	1332	if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' \|\| $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }


diff --git a/tpl/linklist.html b/tpl/linklist.html index 9782cff6..70c9cf79 100644 --- a/tpl/linklist.html +++ b/tpl/linklist.html
@@ -86,10 +86,9 @@
86	<input type="hidden" name="edit_link" value="{$value.linkdate}">	86	<input type="hidden" name="edit_link" value="{$value.linkdate}">
87	<input type="image" alt="Edit" src="images/edit_icon.png#" title="Edit" class="button_edit">	87	<input type="image" alt="Edit" src="images/edit_icon.png#" title="Edit" class="button_edit">
88	</form><br>	88	</form><br>
89	<form method="POST" class="buttoneditform">	89	<form method="GET" class="buttoneditform">
90	<input type="hidden" name="lf_linkdate" value="{$value.linkdate}">
91	<input type="hidden" name="token" value="{$token}">	90	<input type="hidden" name="token" value="{$token}">
92	<input type="hidden" name="delete_link">	91	<input type="hidden" name="delete_link" value="{$value.linkdate}">
93	<input type="image" alt="Delete" src="images/delete_icon.png#" title="Delete"	92	<input type="image" alt="Delete" src="images/delete_icon.png#" title="Delete"
94	class="button_delete" onClick="return confirmDeleteLink();">	93	class="button_delete" onClick="return confirmDeleteLink();">
95	</form>	94	</form>