From 1a7154ad17d69107cafd1f80e71e7cd5406f811c Mon Sep 17 00:00:00 2001
From: Cash Costello <cash.costello@gmail.com>
Date: Mon, 5 Oct 2009 23:37:49 +0000
Subject: using delete action so security token is not skipped

---
 pages/viewimage.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'pages/viewimage.php')

diff --git a/pages/viewimage.php b/pages/viewimage.php
index 5caccdf06..5f23fc685 100644
--- a/pages/viewimage.php
+++ b/pages/viewimage.php
@@ -39,8 +39,10 @@
 		add_submenu_item(	elgg_echo('image:edit'),
 							$CONFIG->wwwroot . 'pg/photos/edit/' . $photo_guid,
 							'photos');
+		$ts = time();
+		$token = generate_action_token($ts);
 		add_submenu_item(	elgg_echo('image:delete'),
-							$CONFIG->wwwroot . 'pg/photos/delete/' . $photo_guid,
+							$CONFIG->wwwroot . 'action/tidypics/delete?guid=' . $photo_guid . '&amp;__elgg_token=' . $token . '&amp;__elgg_ts=' . $ts,
 							'photos',
 							true);
 	}
-- 
cgit v1.2.3