diff options
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 16 |
1 files changed, 8 insertions, 8 deletions
@@ -1325,21 +1325,21 @@ function renderPage($conf, $pluginManager) | |||
1325 | } | 1325 | } |
1326 | 1326 | ||
1327 | // -------- User clicked the "Delete" button when editing a link: Delete link from database. | 1327 | // -------- User clicked the "Delete" button when editing a link: Delete link from database. |
1328 | if (isset($_POST['delete_link'])) | 1328 | if ($targetPage == Router::$PAGE_DELETELINK) |
1329 | { | 1329 | { |
1330 | if (!tokenOk($_POST['token'])) die('Wrong token.'); | ||
1331 | |||
1332 | // We do not need to ask for confirmation: | 1330 | // We do not need to ask for confirmation: |
1333 | // - confirmation is handled by JavaScript | 1331 | // - confirmation is handled by JavaScript |
1334 | // - we are protected from XSRF by the token. | 1332 | // - we are protected from XSRF by the token. |
1335 | 1333 | ||
1336 | // FIXME! We keep `lf_linkdate` for consistency before a proper API. To be removed. | 1334 | if (! tokenOk($_GET['token'])) { |
1337 | $id = isset($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : intval(escape($_POST['lf_linkdate'])); | 1335 | die('Wrong token.'); |
1338 | 1336 | } | |
1339 | $pluginManager->executeHooks('delete_link', $LINKSDB[$id]); | ||
1340 | 1337 | ||
1338 | $id = intval(escape($_GET['lf_linkdate'])); | ||
1339 | $link = $LINKSDB[$id]; | ||
1340 | $pluginManager->executeHooks('delete_link', $link); | ||
1341 | unset($LINKSDB[$id]); | 1341 | unset($LINKSDB[$id]); |
1342 | $LINKSDB->save('resource.page_cache'); // save to disk | 1342 | $LINKSDB->save($conf->get('resource.page_cache')); // save to disk |
1343 | 1343 | ||
1344 | // If we are called from the bookmarklet, we must close the popup: | 1344 | // If we are called from the bookmarklet, we must close the popup: |
1345 | if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; } | 1345 | if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; } |