diff options
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 45 |
1 files changed, 45 insertions, 0 deletions
@@ -1273,6 +1273,51 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, | |||
1273 | exit; | 1273 | exit; |
1274 | } | 1274 | } |
1275 | 1275 | ||
1276 | // -------- User clicked either "Set public" or "Set private" bulk operation | ||
1277 | if ($targetPage == Router::$PAGE_CHANGE_VISIBILITY) { | ||
1278 | if (! $sessionManager->checkToken($_GET['token'])) { | ||
1279 | die(t('Wrong token.')); | ||
1280 | } | ||
1281 | |||
1282 | $ids = trim($_GET['ids']); | ||
1283 | if (strpos($ids, ' ') !== false) { | ||
1284 | // multiple, space-separated ids provided | ||
1285 | $ids = array_values(array_filter(preg_split('/\s+/', escape($ids)))); | ||
1286 | } else { | ||
1287 | // only a single id provided | ||
1288 | $ids = [$ids]; | ||
1289 | } | ||
1290 | |||
1291 | // assert at least one id is given | ||
1292 | if (!count($ids)) { | ||
1293 | die('no id provided'); | ||
1294 | } | ||
1295 | // assert that the visibility is valid | ||
1296 | if (!isset($_GET['newVisibility']) || !in_array($_GET['newVisibility'], ['public', 'private'])) { | ||
1297 | die('invalid visibility'); | ||
1298 | } else { | ||
1299 | $private = $_GET['newVisibility'] === 'private'; | ||
1300 | } | ||
1301 | foreach ($ids as $id) { | ||
1302 | $id = (int) escape($id); | ||
1303 | $link = $LINKSDB[$id]; | ||
1304 | $link['private'] = $private; | ||
1305 | $pluginManager->executeHooks('save_link', $link); | ||
1306 | $LINKSDB[$id] = $link; | ||
1307 | } | ||
1308 | $LINKSDB->save($conf->get('resource.page_cache')); // save to disk | ||
1309 | |||
1310 | $location = '?'; | ||
1311 | if (isset($_SERVER['HTTP_REFERER'])) { | ||
1312 | $location = generateLocation( | ||
1313 | $_SERVER['HTTP_REFERER'], | ||
1314 | $_SERVER['HTTP_HOST'] | ||
1315 | ); | ||
1316 | } | ||
1317 | header('Location: ' . $location); // After deleting the link, redirect to appropriate location | ||
1318 | exit; | ||
1319 | } | ||
1320 | |||
1276 | // -------- User clicked the "EDIT" button on a link: Display link edit form. | 1321 | // -------- User clicked the "EDIT" button on a link: Display link edit form. |
1277 | if (isset($_GET['edit_link'])) { | 1322 | if (isset($_GET['edit_link'])) { |
1278 | $id = (int) escape($_GET['edit_link']); | 1323 | $id = (int) escape($_GET['edit_link']); |