Using POST instead of GET.

author: Lukas Reschke <lukas@statuscode.ch> 2012-06-10 23:38:26 +0200
committer: Lukas Reschke <lukas@statuscode.ch> 2012-06-10 23:38:26 +0200
commit: 9f276729c2a44151c29754e816fb002502222b1d (patch)
tree: 3654659364a537eb418d45d15cd40e0433bf533f /apps/bookmarks/ajax/editBookmark.php
parent: 380aab470ff375a8f898b3b9b8375236130209d0 (diff)
download: nextcloud-server-9f276729c2a44151c29754e816fb002502222b1d.tar.gz
nextcloud-server-9f276729c2a44151c29754e816fb002502222b1d.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/apps/bookmarks/ajax/editBookmark.php b/apps/bookmarks/ajax/editBookmark.php
index db349af35c1..fcec2e1cedb 100644
--- a/apps/bookmarks/ajax/editBookmark.php
+++ b/apps/bookmarks/ajax/editBookmark.php
@@ -39,7 +39,7 @@ if( $CONFIG_DBTYPE == 'sqlite' or $CONFIG_DBTYPE == 'sqlite3' ){
 	$_ut = "UNIX_TIMESTAMP()";
 }
 
-$bookmark_id = (int)$_GET["id"];
+$bookmark_id = (int)$_POST["id"];
 
 $query = OCP\DB::prepare("
 	UPDATE *PREFIX*bookmarks
@@ -48,8 +48,8 @@ $query = OCP\DB::prepare("
 	");
 
 $params=array(
-	htmlspecialchars_decode($_GET["url"]),
-	htmlspecialchars_decode($_GET["title"]),
+	htmlspecialchars_decode($_POST["url"]),
+	htmlspecialchars_decode($_POST["title"]),
 	);
 $query->execute($params);
 
@@ -67,7 +67,7 @@ $query = OCP\DB::prepare("
 	VALUES (?, ?)
 	");
 	
-$tags = explode(' ', urldecode($_GET["tags"]));
+$tags = explode(' ', urldecode($_POST["tags"]));
 foreach ($tags as $tag) {
 	if(empty($tag)) {
 		//avoid saving blankspaces
author	Lukas Reschke <lukas@statuscode.ch>	2012-06-10 23:38:26 +0200
committer	Lukas Reschke <lukas@statuscode.ch>	2012-06-10 23:38:26 +0200
commit	9f276729c2a44151c29754e816fb002502222b1d (patch)
tree	3654659364a537eb418d45d15cd40e0433bf533f /apps/bookmarks/ajax/editBookmark.php
parent	380aab470ff375a8f898b3b9b8375236130209d0 (diff)
download	nextcloud-server-9f276729c2a44151c29754e816fb002502222b1d.tar.gz nextcloud-server-9f276729c2a44151c29754e816fb002502222b1d.zip