author | Cash Costello <cash.costello@gmail.com> | 2009-10-05 23:37:49 +0000 |
---|---|---|
committer | Cash Costello <cash.costello@gmail.com> | 2009-10-05 23:37:49 +0000 |
commit | 1a7154ad17d69107cafd1f80e71e7cd5406f811c (patch) | |
tree | 896308fa7ebed2f47ea010a97e969c4c9e0ad489 | |
parent | 39060653573bf4dd51e891aecdb571c78a866675 (diff) | |
download | elgg-1a7154ad17d69107cafd1f80e71e7cd5406f811c.tar.gz elgg-1a7154ad17d69107cafd1f80e71e7cd5406f811c.tar.bz2 |
using delete action so security token is not skipped
-rw-r--r-- | pages/viewalbum.php | 4 | ||||
-rw-r--r-- | pages/viewimage.php | 4 | ||||
-rw-r--r-- | start.php | 5 |
3 files changed, 6 insertions, 7 deletions
diff --git a/pages/viewalbum.php b/pages/viewalbum.php
index 3cc854c94..402c2d7e6 100644
--- a/pages/viewalbum.php
+++ b/pages/viewalbum.php
@@ -52,8 +52,10 @@
add_submenu_item( elgg_echo('album:edit'),
$CONFIG->wwwroot . 'pg/photos/edit/' . $album_guid,
'photos');
+ $ts = time();
+ $token = generate_action_token($ts);
add_submenu_item( elgg_echo('album:delete'),
- $CONFIG->wwwroot . 'pg/photos/delete/' . $album_guid,
+ $CONFIG->wwwroot . 'action/tidypics/delete?guid=' . $album_guid . '&__elgg_token=' . $token . '&__elgg_ts=' . $ts,
'photos',
true);
}
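Review bot: The new delete link puts `__elgg_token` and `__elgg_ts` into a GET query string, so the token is recorded in browser history, web-server access logs and any outgoing Referer header for as long as it stays valid; the identical change in pages/viewimage.php has the same property. That exposure is acceptable only if the token is bound to the user's session and expires quickly, and if actions/delete.php independently checks that the caller may edit the entity named by `guid`; neither is visible in this diff, so both are worth confirming. `$album_guid` is concatenated into the URL as-is, and unless it is already cast above the hunk I would write `'action/tidypics/delete?guid=' . (int) $album_guid . ...` here (and `(int) $photo_guid` in viewimage.php). A comment above `$ts = time();` such as `// delete goes through the action handler so the token is validated; do not route it via the page handler` would keep the removed start.php route from being reintroduced. The enclosing `if` block opens outside the hunk.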
diff --git a/pages/viewimage.php b/pages/viewimage.php
index 5caccdf06..5f23fc685 100644
--- a/pages/viewimage.php
+++ b/pages/viewimage.php
@@ -39,8 +39,10 @@
add_submenu_item( elgg_echo('image:edit'),
$CONFIG->wwwroot . 'pg/photos/edit/' . $photo_guid,
'photos');
+ $ts = time();
+ $token = generate_action_token($ts);
add_submenu_item( elgg_echo('image:delete'),
- $CONFIG->wwwroot . 'pg/photos/delete/' . $photo_guid,
+ $CONFIG->wwwroot . 'action/tidypics/delete?guid=' . $photo_guid . '&__elgg_token=' . $token . '&__elgg_ts=' . $ts,
'photos',
true);
}
@@ -261,11 +261,6 @@ include($CONFIG->pluginspath . "tidypics/pages/edit.php");
break;
- case "delete": //edit image or album
- if (isset($page[1])) set_input('guid',$page[1]);
- include($CONFIG->pluginspath . "tidypics/actions/delete.php");
- break;
-
case "friends": // albums of friends
if (isset($page[1])) set_input('username',$page[1]);
include($CONFIG->pluginspath . "tidypics/pages/friends.php");