X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fdeletenotice.php;h=64746283ae5103f18b06823d095412711eeafca4;hb=803bdff3f67cce50931ce75dd209883a93a20bd3;hp=f2c040a5a9a179a33610a7e465eaea6783d4d970;hpb=060fecf5ec59202c5eaf3448f9723a81820d5735;p=quix0rs-gnu-social.git
diff --git a/actions/deletenotice.php b/actions/deletenotice.php
index f2c040a5a9..64746283ae 100644
--- a/actions/deletenotice.php
+++ b/actions/deletenotice.php
@@ -44,11 +44,12 @@ class DeletenoticeAction extends DeleteAction {
 function show_form($error=NULL) {
 $user = common_current_user();
- common_show_header($this->get_title(), array($this, 'show_header'), NULL,
+ common_show_header($this->get_title(), array($this, 'show_header'), $error,
 array($this, 'show_top'));
 common_element_start('form', array('id' => 'notice_delete_form', 'method' => 'post', 'action' => common_local_url('deletenotice')));
+ common_hidden('token', common_session_token());
 common_hidden('notice', $this->trimmed('notice'));
 common_element_start('p');
 common_element('span', array('id' => 'confirmation_text'), _('Are you sure you want to delete this notice?'));
@@ -67,6 +68,12 @@ class DeletenoticeAction extends DeleteAction {
 }
 function delete_notice() {
+ # CSRF protection
+ $token = $this->trimmed('token');
+ if (!$token || $token != common_session_token()) {
+ $this->show_form(_('There was a problem with your session token. Try again, please.'));
+ return;
+ }
 $url = common_get_returnto();
 $confirmed = $this->trimmed('submit');
 if ($confirmed == _('Yes')) {
@@ -77,6 +84,9 @@ class DeletenoticeAction extends DeleteAction {
 $replies->get('notice_id', $notice_id);
 common_dequeue_notice($notice);
+ if (common_config('memcached', 'enabled')) {
+ $notice->blowSubsCache();
+ }
 $replies->delete();
 $notice->delete();
 } else {
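Review bot: The `$error` text is now handed to `common_show_header` as its third argument, but nothing in this hunk shows where it is rendered. The `show_header` and `show_top` callbacks lie outside the hunk, so confirm that one of them prints the message through an escaping output helper; otherwise a rejected token just redisplays the form with no explanation. `show_form` would also benefit from a short comment such as `// $error: optional message shown above the confirmation form (e.g. a failed session-token check)`. The function body continues past the end of the hunk.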
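Review bot: The token check added to `delete_notice` compares with loose `!=`, which is neither type-strict nor constant-time. Under PHP's loose comparison two different strings that both look numeric can compare equal, and the format returned by `common_session_token()` is not visible here. Prefer `if (!$token || !hash_equals(common_session_token(), $token)) {` where `hash_equals` is available, or at minimum `$token !== common_session_token()`. The function body continues past the hunk, so whether the request method and notice ownership are checked elsewhere cannot be judged from these lines.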
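Review bot: `$notice->blowSubsCache()` runs before `$replies->delete()` and `$notice->delete()`, so a request that rebuilds the cache in between can store the notice again and keep serving it after deletion. Moving the `if (common_config('memcached', 'enabled')) { $notice->blowSubsCache(); }` block below `$notice->delete();` closes that window, provided `blowSubsCache()` only needs fields still held on the `$notice` object (its implementation is not visible here). A one-line comment saying why the cache is cleared, e.g. `// drop cached subscriber streams so the deleted notice disappears`, would help; that the cache holds subscriber streams is inferred from the method name. The surrounding `if` block starts before and ends after this hunk.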