From a2715f410c410e95397ebbfabbe51a5abfd50387 Mon Sep 17 00:00:00 2001
From: =?utf8?q?David=20=E2=80=98Bombe=E2=80=99=20Roden?=
 <bombe@pterodactylus.net>
Date: Thu, 21 Oct 2010 15:38:43 +0200
Subject: [PATCH] Use a POST form to delete posts.

---
 .../net/pterodactylus/sone/web/DeletePostPage.java | 31 ++++++++++++++--------
 src/main/resources/templates/deletePost.html       |  4 ++-
 src/main/resources/templates/include/viewPost.html |  9 ++++++-
 3 files changed, 31 insertions(+), 13 deletions(-)

diff --git a/src/main/java/net/pterodactylus/sone/web/DeletePostPage.java b/src/main/java/net/pterodactylus/sone/web/DeletePostPage.java
index ea8aeff..18262a2 100644
--- a/src/main/java/net/pterodactylus/sone/web/DeletePostPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/DeletePostPage.java
@@ -51,20 +51,29 @@ public class DeletePostPage extends SoneTemplatePage {
 	@Override
 	protected void processTemplate(Request request, Template template) throws RedirectException {
 		super.processTemplate(request, template);
-		String postId = request.getHttpRequest().getParam("post", null);
-		if (postId == null) {
-			postId = request.getHttpRequest().getPartAsStringFailsafe("post", 36);
-		}
-		Post post = webInterface.core().getPost(postId);
-		Sone currentSone = getCurrentSone(request.getToadletContext());
-		if (!post.getSone().equals(currentSone)) {
-			throw new RedirectException("noPermission.html");
-		}
-		if (request.getMethod() == Method.POST) {
+		if (request.getMethod() == Method.GET) {
+			String postId = request.getHttpRequest().getParam("post");
+			String returnPage = request.getHttpRequest().getParam("returnPage");
+			Post post = webInterface.core().getPost(postId);
+			template.set("post", post);
+			template.set("returnPage", returnPage);
+			return;
+		} else if (request.getMethod() == Method.POST) {
+			String postId = request.getHttpRequest().getPartAsStringFailsafe("post", 36);
+			String returnPage = request.getHttpRequest().getPartAsStringFailsafe("returnPage", 64);
+			Post post = webInterface.core().getPost(postId);
+			Sone currentSone = getCurrentSone(request.getToadletContext());
+			if (!post.getSone().equals(currentSone)) {
+				throw new RedirectException("noPermission.html");
+			}
 			if (request.getHttpRequest().isPartSet("confirmDelete")) {
 				currentSone.removePost(post);
+				throw new RedirectException(returnPage);
+			} else if (request.getHttpRequest().isPartSet("abortDelete")) {
+				throw new RedirectException(returnPage);
 			}
-			throw new RedirectException("index.html");
+			template.set("post", post);
+			template.set("returnPage", returnPage);
 		}
 	}
 
diff --git a/src/main/resources/templates/deletePost.html b/src/main/resources/templates/deletePost.html
index 0de27af..087cb49 100644
--- a/src/main/resources/templates/deletePost.html
+++ b/src/main/resources/templates/deletePost.html
@@ -6,8 +6,10 @@
 
 	<form method="post">
 		<input type="hidden" name="formPassword" value="<% formPassword|html>" />
+		<input type="hidden" name="returnPage" value="<% returnPage|html>" />
+		<input type="hidden" name="post" value="<% post.id|html>" />
 		<button type="submit" name="confirmDelete" value="1"><%= Page.DeletePost.Button.Yes|l10n|html></button>
-		<button type="submit"><%= Page.DeletePost.Button.No|l10n|html></button>
+		<button type="submit" name="abortDelete" value="1"><%= Page.DeletePost.Button.No|l10n|html></button>
 	</form>
 
 <%include include/tail.html>
diff --git a/src/main/resources/templates/include/viewPost.html b/src/main/resources/templates/include/viewPost.html
index c40047d..8d1f8ce 100644
--- a/src/main/resources/templates/include/viewPost.html
+++ b/src/main/resources/templates/include/viewPost.html
@@ -5,7 +5,14 @@
 	</div>
 	<div class="status-line">
 		<div class="time"><a href="viewPost.html?post=<% post.id|html>"><% post.time|date format="MMM d, yyyy, HH:mm:ss"></a></div>
-		<%if post.sone.current><div class="delete"><a href="deletePost.html?post=<% post.id|html>"><%= View.Post.DeleteLink|l10n|html></a></div><%/if>
+		<%if post.sone.current>
+			<form class="delete" action="deletePost.html" method="post">
+				<input type="hidden" name="formPassword" value="<% formPassword|html>" />
+				<input type="hidden" name="returnPage" value="<% request.uri|html>" />
+				<input type="hidden" name="post" value="<% post.id|html>" />
+				<button type="submit"><%= View.Post.DeleteLink|l10n|html></button>
+			</form>
+		<%/if>
 	</div>
 	<div class="replies">
 		<%foreach post.replies reply>
-- 
2.7.4