1 files changed, 8 insertions, 8 deletions
diff --git a/index.php b/index.php
index bb1debd3..2ed14d4f 100644
--- a/index.php
+++ b/index.php
@@ -1316,21 +1316,21 @@ function renderPage($conf, $pluginManager, $LINKSDB)
    }
    // -------- User clicked the "Delete" button when editing a link: Delete link from database.
-    if (isset($_POST['delete_link']))
+    if ($targetPage == Router::$PAGE_DELETELINK)
    {
-        if (!tokenOk($_POST['token'])) die('Wrong token.');
        // We do not need to ask for confirmation:
        // - confirmation is handled by JavaScript
        // - we are protected from XSRF by the token.
-        // FIXME! We keep `lf_linkdate` for consistency before a proper API. To be removed.
+        if (! tokenOk($_GET['token'])) {
-        $id = isset($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : intval(escape($_POST['lf_linkdate']));
+            die('Wrong token.');
+        }
-        $pluginManager->executeHooks('delete_link', $LINKSDB[$id]);
+        $id = intval(escape($_GET['lf_linkdate']));
+        $link = $LINKSDB[$id];
+        $pluginManager->executeHooks('delete_link', $link);
        unset($LINKSDB[$id]);
-        $LINKSDB->save('resource.page_cache'); // save to disk
+        $LINKSDB->save($conf->get('resource.page_cache')); // save to disk
        // If we are called from the bookmarklet, we must close the popup:
        if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }

diff --git a/index.php b/index.php index bb1debd3..2ed14d4f 100644 --- a/index.php +++ b/index.php
@@ -1316,21 +1316,21 @@ function renderPage($conf, $pluginManager, $LINKSDB)
1316	}	1316	}
1317		1317
1318	// -------- User clicked the "Delete" button when editing a link: Delete link from database.	1318	// -------- User clicked the "Delete" button when editing a link: Delete link from database.
1319	if (isset($_POST['delete_link']))	1319	if ($targetPage == Router::$PAGE_DELETELINK)
1320	{	1320	{
1321	if (!tokenOk($_POST['token'])) die('Wrong token.');
1322
1323	// We do not need to ask for confirmation:	1321	// We do not need to ask for confirmation:
1324	// - confirmation is handled by JavaScript	1322	// - confirmation is handled by JavaScript
1325	// - we are protected from XSRF by the token.	1323	// - we are protected from XSRF by the token.
1326		1324
1327	// FIXME! We keep `lf_linkdate` for consistency before a proper API. To be removed.	1325	if (! tokenOk($_GET['token'])) {
1328	$id = isset($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : intval(escape($_POST['lf_linkdate']));	1326	die('Wrong token.');
1329		1327	}
1330	$pluginManager->executeHooks('delete_link', $LINKSDB[$id]);
1331		1328
		1329	$id = intval(escape($_GET['lf_linkdate']));
		1330	$link = $LINKSDB[$id];
		1331	$pluginManager->executeHooks('delete_link', $link);
1332	unset($LINKSDB[$id]);	1332	unset($LINKSDB[$id]);
1333	$LINKSDB->save('resource.page_cache'); // save to disk	1333	$LINKSDB->save($conf->get('resource.page_cache')); // save to disk
1334		1334
1335	// If we are called from the bookmarklet, we must close the popup:	1335	// If we are called from the bookmarklet, we must close the popup:
1336	if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' \|\| $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }	1336	if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' \|\| $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }