From 6a6aa2b96da86f100089c643e905aede5260c8c8 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Sun, 3 Jan 2016 14:42:43 +0100 Subject: Fixes #428: validate buttons presence instead of value Also adds a validation where renaming with 'fromtag' specified and empty 'totag'. It was causing a 404, now it just re-render the form. --- index.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 40a6fbe5..1a83ca40 100644 --- a/index.php +++ b/index.php @@ -1453,19 +1453,20 @@ function renderPage() // -------- User wants to rename a tag or delete it if ($targetPage == Router::$PAGE_CHANGETAG) { - if (empty($_POST['fromtag'])) - { - $PAGE->assign('linkcount',count($LINKSDB)); - $PAGE->assign('token',getToken()); + if (empty($_POST['fromtag']) || (empty($_POST['totag']) && isset($_POST['renametag']))) { + $PAGE->assign('linkcount', count($LINKSDB)); + $PAGE->assign('token', getToken()); $PAGE->assign('tags', $LINKSDB->allTags()); $PAGE->renderPage('changetag'); exit; } - if (!tokenOk($_POST['token'])) die('Wrong token.'); + + if (!tokenOk($_POST['token'])) { + die('Wrong token.'); + } // Delete a tag: - if (!empty($_POST['deletetag']) && !empty($_POST['fromtag'])) - { + if (isset($_POST['deletetag']) && !empty($_POST['fromtag'])) { $needle=trim($_POST['fromtag']); $linksToAlter = $LINKSDB->filterTags($needle,true); // True for case-sensitive tag search. foreach($linksToAlter as $key=>$value) @@ -1481,8 +1482,7 @@ function renderPage() } // Rename a tag: - if (!empty($_POST['renametag']) && !empty($_POST['fromtag']) && !empty($_POST['totag'])) - { + if (isset($_POST['renametag']) && !empty($_POST['fromtag']) && !empty($_POST['totag'])) { $needle=trim($_POST['fromtag']); $linksToAlter = $LINKSDB->filterTags($needle,true); // true for case-sensitive tag search. foreach($linksToAlter as $key=>$value) -- cgit v1.2.3