diff options
Diffstat (limited to 'index.php')
| -rw-r--r-- | index.php | 19 |
1 files changed, 11 insertions, 8 deletions
| @@ -1329,18 +1329,21 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
| 1329 | // -------- User clicked the "Delete" button when editing a link: Delete link from database. | 1329 | // -------- User clicked the "Delete" button when editing a link: Delete link from database. |
| 1330 | if ($targetPage == Router::$PAGE_DELETELINK) | 1330 | if ($targetPage == Router::$PAGE_DELETELINK) |
| 1331 | { | 1331 | { |
| 1332 | // We do not need to ask for confirmation: | ||
| 1333 | // - confirmation is handled by JavaScript | ||
| 1334 | // - we are protected from XSRF by the token. | ||
| 1335 | |||
| 1336 | if (! tokenOk($_GET['token'])) { | 1332 | if (! tokenOk($_GET['token'])) { |
| 1337 | die('Wrong token.'); | 1333 | die('Wrong token.'); |
| 1338 | } | 1334 | } |
| 1339 | 1335 | ||
| 1340 | $id = intval(escape($_GET['lf_linkdate'])); | 1336 | if (strpos($_GET['lf_linkdate'], ' ') !== false) { |
| 1341 | $link = $LINKSDB[$id]; | 1337 | $ids = array_values(array_filter(preg_split('/\s+/', escape($_GET['lf_linkdate'])))); |
| 1342 | $pluginManager->executeHooks('delete_link', $link); | 1338 | } else { |
| 1343 | unset($LINKSDB[$id]); | 1339 | $ids = [$_GET['lf_linkdate']]; |
| 1340 | } | ||
| 1341 | foreach ($ids as $id) { | ||
| 1342 | $id = (int) escape($id); | ||
| 1343 | $link = $LINKSDB[$id]; | ||
| 1344 | $pluginManager->executeHooks('delete_link', $link); | ||
| 1345 | unset($LINKSDB[$id]); | ||
| 1346 | } | ||
| 1344 | $LINKSDB->save($conf->get('resource.page_cache')); // save to disk | 1347 | $LINKSDB->save($conf->get('resource.page_cache')); // save to disk |
| 1345 | $history->deleteLink($link); | 1348 | $history->deleteLink($link); |
| 1346 | 1349 | ||