diff options
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 45 |
1 files changed, 45 insertions, 0 deletions
@@ -1266,6 +1266,51 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, | |||
1266 | exit; | 1266 | exit; |
1267 | } | 1267 | } |
1268 | 1268 | ||
1269 | // -------- User clicked either "Set public" or "Set private" bulk operation | ||
1270 | if ($targetPage == Router::$PAGE_CHANGE_VISIBILITY) { | ||
1271 | if (! $sessionManager->checkToken($_GET['token'])) { | ||
1272 | die(t('Wrong token.')); | ||
1273 | } | ||
1274 | |||
1275 | $ids = trim($_GET['ids']); | ||
1276 | if (strpos($ids, ' ') !== false) { | ||
1277 | // multiple, space-separated ids provided | ||
1278 | $ids = array_values(array_filter(preg_split('/\s+/', escape($ids)))); | ||
1279 | } else { | ||
1280 | // only a single id provided | ||
1281 | $ids = [$ids]; | ||
1282 | } | ||
1283 | |||
1284 | // assert at least one id is given | ||
1285 | if (!count($ids)) { | ||
1286 | die('no id provided'); | ||
1287 | } | ||
1288 | // assert that the visibility is valid | ||
1289 | if (!isset($_GET['newVisibility']) || !in_array($_GET['newVisibility'], ['public', 'private'])) { | ||
1290 | die('invalid visibility'); | ||
1291 | } else { | ||
1292 | $private = $_GET['newVisibility'] === 'private'; | ||
1293 | } | ||
1294 | foreach ($ids as $id) { | ||
1295 | $id = (int) escape($id); | ||
1296 | $link = $LINKSDB[$id]; | ||
1297 | $link['private'] = $private; | ||
1298 | $pluginManager->executeHooks('save_link', $link); | ||
1299 | $LINKSDB[$id] = $link; | ||
1300 | } | ||
1301 | $LINKSDB->save($conf->get('resource.page_cache')); // save to disk | ||
1302 | |||
1303 | $location = '?'; | ||
1304 | if (isset($_SERVER['HTTP_REFERER'])) { | ||
1305 | $location = generateLocation( | ||
1306 | $_SERVER['HTTP_REFERER'], | ||
1307 | $_SERVER['HTTP_HOST'] | ||
1308 | ); | ||
1309 | } | ||
1310 | header('Location: ' . $location); // After deleting the link, redirect to appropriate location | ||
1311 | exit; | ||
1312 | } | ||
1313 | |||
1269 | // -------- User clicked the "EDIT" button on a link: Display link edit form. | 1314 | // -------- User clicked the "EDIT" button on a link: Display link edit form. |
1270 | if (isset($_GET['edit_link'])) { | 1315 | if (isset($_GET['edit_link'])) { |
1271 | $id = (int) escape($_GET['edit_link']); | 1316 | $id = (int) escape($_GET['edit_link']); |