diff options
| author | Cash Costello <cash.costello@gmail.com> | 2009-10-05 23:37:49 +0000 |
|---|---|---|
| committer | Cash Costello <cash.costello@gmail.com> | 2009-10-05 23:37:49 +0000 |
| commit | 1a7154ad17d69107cafd1f80e71e7cd5406f811c (patch) | |
| tree | 896308fa7ebed2f47ea010a97e969c4c9e0ad489 /pages | |
| parent | 39060653573bf4dd51e891aecdb571c78a866675 (diff) | |
| download | elgg-1a7154ad17d69107cafd1f80e71e7cd5406f811c.tar.gz elgg-1a7154ad17d69107cafd1f80e71e7cd5406f811c.tar.bz2 | |
using delete action so security token is not skipped
Diffstat (limited to 'pages')
| -rw-r--r-- | pages/viewalbum.php | 4 | ||||
| -rw-r--r-- | pages/viewimage.php | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/pages/viewalbum.php b/pages/viewalbum.php index 3cc854c94..402c2d7e6 100644 --- a/pages/viewalbum.php +++ b/pages/viewalbum.php @@ -52,8 +52,10 @@ add_submenu_item( elgg_echo('album:edit'),
$CONFIG->wwwroot . 'pg/photos/edit/' . $album_guid,
'photos');
+ $ts = time();
+ $token = generate_action_token($ts);
add_submenu_item( elgg_echo('album:delete'),
- $CONFIG->wwwroot . 'pg/photos/delete/' . $album_guid,
+ $CONFIG->wwwroot . 'action/tidypics/delete?guid=' . $album_guid . '&__elgg_token=' . $token . '&__elgg_ts=' . $ts,
'photos',
true);
}
diff --git a/pages/viewimage.php b/pages/viewimage.php index 5caccdf06..5f23fc685 100644 --- a/pages/viewimage.php +++ b/pages/viewimage.php @@ -39,8 +39,10 @@ add_submenu_item( elgg_echo('image:edit'),
$CONFIG->wwwroot . 'pg/photos/edit/' . $photo_guid,
'photos');
+ $ts = time();
+ $token = generate_action_token($ts);
add_submenu_item( elgg_echo('image:delete'),
- $CONFIG->wwwroot . 'pg/photos/delete/' . $photo_guid,
+ $CONFIG->wwwroot . 'action/tidypics/delete?guid=' . $photo_guid . '&__elgg_token=' . $token . '&__elgg_ts=' . $ts,
'photos',
true);
}
|