diff --git a/js/privatebin.js b/js/privatebin.js index 9be809d4..e3491538 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -741,6 +741,7 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) { me.getPasteId = function() { if (id === null) { + // Attention: This also returns the delete token inside of the ID, if it is specified id = window.location.search.substring(1); if (id === '') { @@ -749,7 +750,19 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) { } return id; - }; + } + + /** + * Returns true, when the URL has a delete token and the current call was used for deleting a paste. + * + * @name Model.hasDeleteToken + * @function + * @return {bool} + */ + me.hasDeleteToken = function() + { + return window.location.search.indexOf('deletetoken') !== -1; + } /** * return the deciphering key stored in anchor part of the URL @@ -4412,6 +4425,12 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) { return me.newPaste(); } + // if delete token is passed (i.e. paste has been deleted by this access) + // there is no more stuf we need to do + if (Model.hasDeleteToken()) { + return; + } + // prevent bots from viewing a paste and potentially deleting data // when burn-after-reading is set // see https://github.com/elrido/ZeroBin/issues/11 diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index 2cf9e6d8..e5a9d0b0 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -75,7 +75,7 @@ if ($MARKDOWN): - + diff --git a/tpl/page.php b/tpl/page.php index 4abcbce3..9c53ba99 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -54,7 +54,7 @@ if ($QRCODE): - +