Merge pull request #682 from ArthurHoaro/delete-button

Bugfixes on link deletion, and use a GET form
This commit is contained in:
Arthur 2017-01-04 16:35:29 +01:00 committed by GitHub
commit fc11ab2f29
3 changed files with 15 additions and 9 deletions

View file

@ -31,6 +31,8 @@ class Router
public static $PAGE_EDITLINK = 'edit_link'; public static $PAGE_EDITLINK = 'edit_link';
public static $PAGE_DELETELINK = 'delete_link';
public static $PAGE_EXPORT = 'export'; public static $PAGE_EXPORT = 'export';
public static $PAGE_IMPORT = 'import'; public static $PAGE_IMPORT = 'import';
@ -120,6 +122,10 @@ public static function findPage($query, $get, $loggedIn)
return self::$PAGE_EDITLINK; return self::$PAGE_EDITLINK;
} }
if (isset($get['delete_link'])) {
return self::$PAGE_DELETELINK;
}
if (startsWith($query, 'do='. self::$PAGE_EXPORT)) { if (startsWith($query, 'do='. self::$PAGE_EXPORT)) {
return self::$PAGE_EXPORT; return self::$PAGE_EXPORT;
} }

View file

@ -1316,21 +1316,21 @@ function renderPage($conf, $pluginManager, $LINKSDB)
} }
// -------- User clicked the "Delete" button when editing a link: Delete link from database. // -------- User clicked the "Delete" button when editing a link: Delete link from database.
if (isset($_POST['delete_link'])) if ($targetPage == Router::$PAGE_DELETELINK)
{ {
if (!tokenOk($_POST['token'])) die('Wrong token.');
// We do not need to ask for confirmation: // We do not need to ask for confirmation:
// - confirmation is handled by JavaScript // - confirmation is handled by JavaScript
// - we are protected from XSRF by the token. // - we are protected from XSRF by the token.
// FIXME! We keep `lf_linkdate` for consistency before a proper API. To be removed. if (! tokenOk($_GET['token'])) {
$id = isset($_POST['lf_id']) ? intval(escape($_POST['lf_id'])) : intval(escape($_POST['lf_linkdate'])); die('Wrong token.');
}
$pluginManager->executeHooks('delete_link', $LINKSDB[$id]);
$id = intval(escape($_GET['lf_linkdate']));
$link = $LINKSDB[$id];
$pluginManager->executeHooks('delete_link', $link);
unset($LINKSDB[$id]); unset($LINKSDB[$id]);
$LINKSDB->save('resource.page_cache'); // save to disk $LINKSDB->save($conf->get('resource.page_cache')); // save to disk
// If we are called from the bookmarklet, we must close the popup: // If we are called from the bookmarklet, we must close the popup:
if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; } if (isset($_GET['source']) && ($_GET['source']=='bookmarklet' || $_GET['source']=='firefoxsocialapi')) { echo '<script>self.close();</script>'; exit; }

View file

@ -84,7 +84,7 @@
<input type="hidden" name="edit_link" value="{$value.id}"> <input type="hidden" name="edit_link" value="{$value.id}">
<input type="image" alt="Edit" src="images/edit_icon.png#" title="Edit" class="button_edit"> <input type="image" alt="Edit" src="images/edit_icon.png#" title="Edit" class="button_edit">
</form><br> </form><br>
<form method="POST" class="buttoneditform"> <form method="GET" class="buttoneditform">
<input type="hidden" name="lf_linkdate" value="{$value.id}"> <input type="hidden" name="lf_linkdate" value="{$value.id}">
<input type="hidden" name="token" value="{$token}"> <input type="hidden" name="token" value="{$token}">
<input type="hidden" name="delete_link"> <input type="hidden" name="delete_link">