From 1a7154ad17d69107cafd1f80e71e7cd5406f811c Mon Sep 17 00:00:00 2001
From: Cash Costello
Date: Mon, 5 Oct 2009 23:37:49 +0000
Subject: using delete action so security token is not skipped
---
 pages/viewalbum.php | 4 +++-
 pages/viewimage.php | 4 +++-
 start.php | 5 -----
 3 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/pages/viewalbum.php b/pages/viewalbum.php
index 3cc854c94..402c2d7e6 100644
--- a/pages/viewalbum.php
+++ b/pages/viewalbum.php
@@ -52,8 +52,10 @@ add_submenu_item( elgg_echo('album:edit'), $CONFIG->wwwroot . 'pg/photos/edit/' . $album_guid, 'photos');
+ $ts = time();
+ $token = generate_action_token($ts);
 add_submenu_item( elgg_echo('album:delete'),
- $CONFIG->wwwroot . 'pg/photos/delete/' . $album_guid,
+ $CONFIG->wwwroot . 'action/tidypics/delete?guid=' . $album_guid . '&__elgg_token=' . $token . '&__elgg_ts=' . $ts,
 'photos', true); }
diff --git a/pages/viewimage.php b/pages/viewimage.php
index 5caccdf06..5f23fc685 100644
--- a/pages/viewimage.php
+++ b/pages/viewimage.php
@@ -39,8 +39,10 @@ add_submenu_item( elgg_echo('image:edit'), $CONFIG->wwwroot . 'pg/photos/edit/' . $photo_guid, 'photos');
+ $ts = time();
+ $token = generate_action_token($ts);
 add_submenu_item( elgg_echo('image:delete'),
- $CONFIG->wwwroot . 'pg/photos/delete/' . $photo_guid,
+ $CONFIG->wwwroot . 'action/tidypics/delete?guid=' . $photo_guid . '&__elgg_token=' . $token . '&__elgg_ts=' . $ts,
 'photos', true); }
diff --git a/start.php b/start.php
index c777331c6..f0c35c62f 100644
--- a/start.php
+++ b/start.php
@@ -261,11 +261,6 @@ include($CONFIG->pluginspath . "tidypics/pages/edit.php"); break;
- case "delete": //edit image or album
- if (isset($page[1])) set_input('guid',$page[1]);
- include($CONFIG->pluginspath . "tidypics/actions/delete.php");
- break;
-
 case "friends": // albums of friends if (isset($page[1])) set_input('username',$page[1]); include($CONFIG->pluginspath . "tidypics/pages/friends.php");
--
cgit v1.2.3
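Review bot: The delete links built for `album:delete` in pages/viewalbum.php and for `image:delete` in pages/viewimage.php carry `__elgg_token` and `__elgg_ts` in the query string of a plain GET link, so the token is written to browser history and server access logs and can leave the site in a Referer header, and the destructive action is still reachable by anything that follows links in a logged-in session. A POST form with the token fields is the safer shape if the submenu can render one; if the link has to stay, say so in the code, e.g. `// token is in the URL because submenu items are plain links; delete.php must still check edit permission`. `$album_guid` and `$photo_guid` are concatenated as-is and their origin is outside both hunks, so unless they are already integers I would write `'action/tidypics/delete?guid=' . (int) $album_guid . …` at the concatenation. The block closed by the `}` in the context starts outside the hunk, and actions/delete.php is not in this diff, so its own authorization check should be confirmed separately.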