aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'index.php')
-rw-r--r--index.php19
1 files changed, 11 insertions, 8 deletions
diff --git a/index.php b/index.php
index ab1e30da..5e61cbb0 100644
--- a/index.php
+++ b/index.php
@@ -1329,18 +1329,21 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1329 // -------- User clicked the "Delete" button when editing a link: Delete link from database. 1329 // -------- User clicked the "Delete" button when editing a link: Delete link from database.
1330 if ($targetPage == Router::$PAGE_DELETELINK) 1330 if ($targetPage == Router::$PAGE_DELETELINK)
1331 { 1331 {
1332 // We do not need to ask for confirmation:
1333 // - confirmation is handled by JavaScript
1334 // - we are protected from XSRF by the token.
1335
1336 if (! tokenOk($_GET['token'])) { 1332 if (! tokenOk($_GET['token'])) {
1337 die('Wrong token.'); 1333 die('Wrong token.');
1338 } 1334 }
1339 1335
1340 $id = intval(escape($_GET['lf_linkdate'])); 1336 if (strpos($_GET['lf_linkdate'], ' ') !== false) {
1341 $link = $LINKSDB[$id]; 1337 $ids = array_values(array_filter(preg_split('/\s+/', escape($_GET['lf_linkdate']))));
1342 $pluginManager->executeHooks('delete_link', $link); 1338 } else {
1343 unset($LINKSDB[$id]); 1339 $ids = [$_GET['lf_linkdate']];
1340 }
1341 foreach ($ids as $id) {
1342 $id = (int) escape($id);
1343 $link = $LINKSDB[$id];
1344 $pluginManager->executeHooks('delete_link', $link);
1345 unset($LINKSDB[$id]);
1346 }
1344 $LINKSDB->save($conf->get('resource.page_cache')); // save to disk 1347 $LINKSDB->save($conf->get('resource.page_cache')); // save to disk
1345 $history->deleteLink($link); 1348 $history->deleteLink($link);
1346 1349