using delete action so security token is not skipped

author: Cash Costello <cash.costello@gmail.com> 2009-10-05 23:37:49 +0000
committer: Cash Costello <cash.costello@gmail.com> 2009-10-05 23:37:49 +0000
commit: 1a7154ad17d69107cafd1f80e71e7cd5406f811c (patch)
tree: 896308fa7ebed2f47ea010a97e969c4c9e0ad489 /pages/viewimage.php
parent: 39060653573bf4dd51e891aecdb571c78a866675 (diff)
download: elgg-1a7154ad17d69107cafd1f80e71e7cd5406f811c.tar.gz
elgg-1a7154ad17d69107cafd1f80e71e7cd5406f811c.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/pages/viewimage.php b/pages/viewimage.php
index 5caccdf06..5f23fc685 100644
--- a/pages/viewimage.php
+++ b/pages/viewimage.php
@@ -39,8 +39,10 @@
 		add_submenu_item(	elgg_echo('image:edit'),
 							$CONFIG->wwwroot . 'pg/photos/edit/' . $photo_guid,
 							'photos');
+		$ts = time();
+		$token = generate_action_token($ts);
 		add_submenu_item(	elgg_echo('image:delete'),
-							$CONFIG->wwwroot . 'pg/photos/delete/' . $photo_guid,
+							$CONFIG->wwwroot . 'action/tidypics/delete?guid=' . $photo_guid . '&amp;__elgg_token=' . $token . '&amp;__elgg_ts=' . $ts,
 							'photos',
 							true);
 	}
author	Cash Costello <cash.costello@gmail.com>	2009-10-05 23:37:49 +0000
committer	Cash Costello <cash.costello@gmail.com>	2009-10-05 23:37:49 +0000
commit	1a7154ad17d69107cafd1f80e71e7cd5406f811c (patch)
tree	896308fa7ebed2f47ea010a97e969c4c9e0ad489 /pages/viewimage.php
parent	39060653573bf4dd51e891aecdb571c78a866675 (diff)
download	elgg-1a7154ad17d69107cafd1f80e71e7cd5406f811c.tar.gz elgg-1a7154ad17d69107cafd1f80e71e7cd5406f811c.tar.bz2