using delete action so security token is not skipped

author: Cash Costello <cash.costello@gmail.com> 2009-10-05 23:37:49 +0000
committer: Cash Costello <cash.costello@gmail.com> 2009-10-05 23:37:49 +0000
commit: 1a7154ad17d69107cafd1f80e71e7cd5406f811c (patch)
tree: 896308fa7ebed2f47ea010a97e969c4c9e0ad489 /pages/viewalbum.php
parent: 39060653573bf4dd51e891aecdb571c78a866675 (diff)
download: elgg-1a7154ad17d69107cafd1f80e71e7cd5406f811c.tar.gz
elgg-1a7154ad17d69107cafd1f80e71e7cd5406f811c.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/pages/viewalbum.php b/pages/viewalbum.php
index 3cc854c94..402c2d7e6 100644
--- a/pages/viewalbum.php
+++ b/pages/viewalbum.php
@@ -52,8 +52,10 @@
 		add_submenu_item(	elgg_echo('album:edit'),
 							$CONFIG->wwwroot . 'pg/photos/edit/' . $album_guid,
 							'photos');
+		$ts = time();
+		$token = generate_action_token($ts);
 		add_submenu_item(	elgg_echo('album:delete'),
-							$CONFIG->wwwroot . 'pg/photos/delete/' . $album_guid,
+							$CONFIG->wwwroot . 'action/tidypics/delete?guid=' . $album_guid . '&amp;__elgg_token=' . $token . '&amp;__elgg_ts=' . $ts,
 							'photos',
 							true);
 	}
author	Cash Costello <cash.costello@gmail.com>	2009-10-05 23:37:49 +0000
committer	Cash Costello <cash.costello@gmail.com>	2009-10-05 23:37:49 +0000
commit	1a7154ad17d69107cafd1f80e71e7cd5406f811c (patch)
tree	896308fa7ebed2f47ea010a97e969c4c9e0ad489 /pages/viewalbum.php
parent	39060653573bf4dd51e891aecdb571c78a866675 (diff)
download	elgg-1a7154ad17d69107cafd1f80e71e7cd5406f811c.tar.gz elgg-1a7154ad17d69107cafd1f80e71e7cd5406f811c.tar.bz2