X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fdeletenotice.php;h=64746283ae5103f18b06823d095412711eeafca4;hb=803bdff3f67cce50931ce75dd209883a93a20bd3;hp=06c1bf27ea75ee2a07444b4d3a4ed08ffd989eff;hpb=faa3933fbb54d0fc4a12145bd0aefa899db30dea;p=quix0rs-gnu-social.git
diff --git a/actions/deletenotice.php b/actions/deletenotice.php
index 06c1bf27ea..64746283ae 100644
--- a/actions/deletenotice.php
+++ b/actions/deletenotice.php
@@ -28,65 +28,74 @@ class DeletenoticeAction extends DeleteAction { if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->delete_notice(); - } else if ($_SERVER['REQUEST_METHOD'] == 'GET') { - $this->show_form(); + } else if ($_SERVER['REQUEST_METHOD'] == 'GET') { + $this->show_form(); } } - function get_instructions() { - return _('You are about to permanently delete a notice. Once this is done, it cannot be undone.'); - } + function get_instructions() { + return _('You are about to permanently delete a notice. Once this is done, it cannot be undone.'); + } function get_title() { return _('Delete notice'); } function show_form($error=NULL) { - $user = common_current_user(); + $user = common_current_user(); - common_show_header($this->get_title(), array($this, 'show_header'), array($q, $error), + common_show_header($this->get_title(), array($this, 'show_header'), $error, array($this, 'show_top')); - common_element_start('form', array('id' => 'notice_delete_form', - 'method' => 'post', - 'action' => common_local_url('deletenotice'))); - common_hidden('notice', $this->trimmed(notice)); - common_element_start('p'); - common_element('span', array('id' => 'confirmation_text'),_('Are you sure you want to delete this notice?')); + common_element_start('form', array('id' => 'notice_delete_form', + 'method' => 'post', + 'action' => common_local_url('deletenotice'))); + common_hidden('token', common_session_token()); + common_hidden('notice', $this->trimmed('notice')); + common_element_start('p'); + common_element('span', array('id' => 'confirmation_text'), _('Are you sure you want to delete this notice?')); - common_element('input', array('id' => 'submit_no', - 'name' => 'submit', - 'type' => 'submit', - 'value' => _('No'))); - common_element('input', array('id' => 'submit_yes', - 'name' => 'submit', - 'type' => 'submit', - 'value' => _('Yes'))); - common_element_end('p'); - common_element_end('form'); + common_element('input', array('id' => 'submit_no', + 'name' => 'submit', 
+ 'type' => 'submit', + 'value' => _('No'))); + common_element('input', array('id' => 'submit_yes', + 'name' => 'submit', + 'type' => 'submit', + 'value' => _('Yes'))); + common_element_end('p'); + common_element_end('form'); common_show_footer(); } - function delete_notice() { - $url = common_get_returnto(); - $confirmed = $this->trimmed('submit'); - if ($confirmed == 'Yes') { - $user = common_current_user(); - $notice_id = $this->trimmed('notice'); - $notice = Notice::staticGet($notice_id); - $replies = new Reply; - $replies->get('notice_id', $notice_id); - - common_dequeue_notice($notice); - $replies->delete(); - $notice->delete(); - } - else { - if ($url) { - common_set_returnto(NULL); - } else { - $url = common_local_url('public'); - } - } - common_redirect($url); - } + function delete_notice() { + # CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } + $url = common_get_returnto(); + $confirmed = $this->trimmed('submit'); + if ($confirmed == _('Yes')) { + $user = common_current_user(); + $notice_id = $this->trimmed('notice'); + $notice = Notice::staticGet($notice_id); + $replies = new Reply; + $replies->get('notice_id', $notice_id); + + common_dequeue_notice($notice); + if (common_config('memcached', 'enabled')) { + $notice->blowSubsCache(); + } + $replies->delete(); + $notice->delete(); + } else { + if ($url) { + common_set_returnto(NULL); + } else { + $url = common_local_url('public'); + } + } + common_redirect($url); + } }
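Review bot: The new CSRF check at the top of delete_notice() compares the submitted token with loose `!=`, which applies PHP's numeric-string coercion (two different numeric-looking tokens can compare equal) and is not constant-time; use `if (!$token || !hash_equals(common_session_token(), $token)) {` (or at minimum `!==`). Further down, `Notice::staticGet($notice_id)` is never checked for a missing result before `common_dequeue_notice($notice)` and `$notice->delete()` are called, and `$user` is assigned but never used, so nothing in this method ties the notice being deleted to the current user. If the parent `DeleteAction` (outside the hunk) does not already verify that the current user authored the notice, any logged-in user who obtains a valid session token could delete an arbitrary notice id; a guard that rejects a missing notice or a non-matching author before the delete calls would close that. The `$confirmed == _('Yes')` comparison also depends on the submitting user's locale matching the one the form was rendered in, so a hidden action field would be more robust than comparing the translated button label.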