diff options
Diffstat (limited to 'index.php')
| -rw-r--r-- | index.php | 19 |
1 files changed, 11 insertions, 8 deletions
| @@ -1311,18 +1311,21 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
| 1311 | // -------- User clicked the "Delete" button when editing a link: Delete link from database. | 1311 | // -------- User clicked the "Delete" button when editing a link: Delete link from database. |
| 1312 | if ($targetPage == Router::$PAGE_DELETELINK) | 1312 | if ($targetPage == Router::$PAGE_DELETELINK) |
| 1313 | { | 1313 | { |
| 1314 | // We do not need to ask for confirmation: | ||
| 1315 | // - confirmation is handled by JavaScript | ||
| 1316 | // - we are protected from XSRF by the token. | ||
| 1317 | |||
| 1318 | if (! tokenOk($_GET['token'])) { | 1314 | if (! tokenOk($_GET['token'])) { |
| 1319 | die('Wrong token.'); | 1315 | die('Wrong token.'); |
| 1320 | } | 1316 | } |
| 1321 | 1317 | ||
| 1322 | $id = intval(escape($_GET['lf_linkdate'])); | 1318 | if (strpos($_GET['lf_linkdate'], ' ') !== false) { |
| 1323 | $link = $LINKSDB[$id]; | 1319 | $ids = array_values(array_filter(preg_split('/\s+/', escape($_GET['lf_linkdate'])))); |
| 1324 | $pluginManager->executeHooks('delete_link', $link); | 1320 | } else { |
| 1325 | unset($LINKSDB[$id]); | 1321 | $ids = [$_GET['lf_linkdate']]; |
| 1322 | } | ||
| 1323 | foreach ($ids as $id) { | ||
| 1324 | $id = (int) escape($id); | ||
| 1325 | $link = $LINKSDB[$id]; | ||
| 1326 | $pluginManager->executeHooks('delete_link', $link); | ||
| 1327 | unset($LINKSDB[$id]); | ||
| 1328 | } | ||
| 1326 | $LINKSDB->save($conf->get('resource.page_cache')); // save to disk | 1329 | $LINKSDB->save($conf->get('resource.page_cache')); // save to disk |
| 1327 | $history->deleteLink($link); | 1330 | $history->deleteLink($link); |
| 1328 | 1331 | ||