From 280eef779eb141969c7332331958bfb0b4bce9c5 Mon Sep 17 00:00:00 2001
From: jonasled <jonas@jonasled.de>
Date: Mon, 2 Mar 2020 10:27:12 +0100
Subject: [PATCH] delete funkction now uses post, not get

---
 deletelink.py              | 3 ++-
 main.py                    | 2 +-
 templates/editEntries.html | 5 +++--
 userprofile.py             | 2 +-
 4 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/deletelink.py b/deletelink.py
index f7213de..10f8250 100644
--- a/deletelink.py
+++ b/deletelink.py
@@ -8,7 +8,8 @@ def deleteLink(request, s):
         loginbar = loginbar + "" #to hide the unused variable message
     except:
         abort(404) #if the user is not logged in, hide this page and return not found
-    linkToDelete = request.args.get('link') #get the link, which the user want's to delete from the parameter in the url.
+    linkToDelete = request.form.get('link') #get the link, which the user want's to delete from the parameter in the url.
+    print(linkToDelete)
 
     with connect('db/urls.db') as conn:
         cursor = conn.cursor()
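Review bot: The `print(linkToDelete)` added on the new side writes the user-supplied form value to stdout on every request; it reads as leftover debugging and should be dropped (or become a logger call at debug level). The comment on the `request.form.get('link')` line still says the value comes from the parameter in the URL, which is no longer true after this change; suggested: `linkToDelete = request.form.get('link') #the short link to delete, sent in the POST body`. `request.form.get` returns None when the field is absent; the body of deleteLink continues outside the hunk, so I cannot see whether that case is handled before the value reaches the database, and `if not linkToDelete: abort(400)` would make it explicit.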
diff --git a/main.py b/main.py
index 5ef70e4..ea69cc0 100644
--- a/main.py
+++ b/main.py
@@ -189,7 +189,7 @@ def ownLinks(pageNumber):
     if(loginEnabled): return userProfile(request, cookieNotice, s, pageNumber, url_scheme)
     else: abort(404)
 
-@app.route('/user/delete') #This function is called if a user deletes an entrie
+@app.route('/user/delete', methods=['POST']) #This function is called if a user deletes an entrie
 def delete():
     if(loginEnabled): return deleteLink(request, s)
     else: abort(404)
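Review bot: Limiting the route to POST stops the delete from being triggered by a plain link or image fetch, but it does not by itself protect against cross-site request forgery: a form on another origin can still submit `application/x-www-form-urlencoded` data to `/user/delete` with the session cookie attached. Whether a CSRF token or a SameSite cookie attribute is enforced elsewhere is not visible here; if not, the handler should require one before calling deleteLink. A short comment on the decorator would record the intent: `#POST only so the delete cannot be reached by a GET link; CSRF protection still required`.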
diff --git a/templates/editEntries.html b/templates/editEntries.html
index ee32eaf..6146e82 100644
--- a/templates/editEntries.html
+++ b/templates/editEntries.html
@@ -61,8 +61,9 @@
                      alert("error deleting link")
                   }
                };
-               xhttp.open("GET", link, true);
-               xhttp.send();
+               xhttp.open("POST", "/user/delete", true);
+               xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+               xhttp.send("link=" + link);
             }
          }
       </script>
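Review bot: `xhttp.send("link=" + link)` sends the value without percent-encoding, so a short link containing `&`, `+`, `%` or `#` is truncated or altered by the form decoder on the server and the wrong entry, or none, is deleted; use `xhttp.send("link=" + encodeURIComponent(link));`. The enclosing `deleteLink` function starts outside the hunk, so I cannot see whether `link` is already encoded by the caller, but the server-side change in this commit passes the raw short URL.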
diff --git a/userprofile.py b/userprofile.py
index c6e9a5e..e934afd 100644
--- a/userprofile.py
+++ b/userprofile.py
@@ -32,7 +32,7 @@ def userProfile(request, cookieNotice, s, pageNumber, url_scheme):
                     calls = str(cursor2.execute('SELECT CALLS FROM ANALYTICS WHERE SHORT_URL=?', [entries[1]]).fetchone()[0])
                 except:
                     calls = "0"
-                response = response + "<tr id=tr_" + str(idCounter) + ">\n<td>" + entries[0] + "</td>\n<td><a href=\"" + url_scheme + "://" + entries[1] + '">' + entries[1] + '</a></td>\n<td>' + calls + '</td>\n<td><a id="red" href="javascript:deleteLink(\'/user/delete?link=' + escape(entries[1].replace("'", "\\'")) + '\',\'tr_' + str(idCounter) + '\')">delete</a> <a href="#" id="dialog-link" onclick="buttonListener(\'' + entries[1] + '\', this)">QR</a></tr>\n'
+                response = response + "<tr id=tr_" + str(idCounter) + ">\n<td>" + entries[0] + "</td>\n<td><a href=\"" + url_scheme + "://" + entries[1] + '">' + entries[1] + '</a></td>\n<td>' + calls + '</td>\n<td><a id="red" href="javascript:deleteLink(\'' + escape(entries[1].replace("'", "\\'")) + '\', \'tr_' + str(idCounter) + '\')">delete</a> <a href="#" id="dialog-link" onclick="buttonListener(\'' + entries[1] + '\', this)">QR</a></tr>\n'
                 idCounter=idCounter+1
             response = response + "</table>" #Close the table
 
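Review bot: The rewritten line still builds the table row by string concatenation and applies `escape()` only to the value inside the `deleteLink(...)` call; `entries[0]`, the `href` value, the visible link text and the `buttonListener('...')` argument are inserted raw. If those values can be user-chosen (they appear to be the long and short URLs of the user's own entries — verify), a value containing `<`, `"` or `'` breaks out of the markup or the inline JavaScript in those positions. Escaping every interpolation with the same `escape()` (or rendering the row through the template the page already uses, which is presumably Jinja given `templates/editEntries.html`) would make the handling consistent; the `userProfile` body extends outside the hunk.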
-- 
GitLab