- function delete_notice() {
- $url = common_get_returnto();
- $confirmed = $this->trimmed('submit');
- if ($confirmed == 'Yes') {
- $user = common_current_user();
- $notice_id = $this->trimmed('notice');
- $notice = Notice::staticGet($notice_id);
- $replies = new Reply;
- $replies->get('notice_id', $notice_id);
-
- common_dequeue_notice($notice);
- $replies->delete();
- $notice->delete();
- }
- else {
- if ($url) {
- common_set_returnto(NULL);
- } else {
- $url = common_local_url('public');
- }
- }
- common_redirect($url);
- }
+ function delete_notice() {
+ # CSRF protection
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->show_form(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
+ $url = common_get_returnto();
+ $confirmed = $this->trimmed('submit');
+ if ($confirmed == _('Yes')) {
+ $user = common_current_user();
+ $notice_id = $this->trimmed('notice');
+ $notice = Notice::staticGet($notice_id);
+ $replies = new Reply;
+ $replies->get('notice_id', $notice_id);
+
+ common_dequeue_notice($notice);
+ if (common_config('memcached', 'enabled')) {
+ $notice->blowSubsCache();
+ }
+ $replies->delete();
+ $notice->delete();
+ } else {
+ if ($url) {
+ common_set_returnto(NULL);
+ } else {
+ $url = common_local_url('public');
+ }
+ }
+ common_redirect($url);
+ }
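Review bot: After the token check, the delete branch still assigns `$user = common_current_user()` and never uses it, so nothing in this function confirms that `$notice` exists or that it belongs to the logged-in user before `$notice->delete()` runs. If the caller does not already enforce that, a valid session token only shows the request came from the user's own session, not that they may delete this notice id; I would add a guard right after `Notice::staticGet($notice_id)` that re-shows the form with an error when the lookup fails or the notice's author is not `$user`. `common_dequeue_notice($notice)` and `$notice->blowSubsCache()` would also be called on a missing notice as written. The token test itself uses loose `!=`, which can treat two different numeric-looking strings as equal; `if (!$token || $token !== common_session_token()) {` avoids that.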