diff --git a/lib/PrivateBin.php b/lib/PrivateBin.php
index e754016..fc69e57 100644
--- a/lib/PrivateBin.php
+++ b/lib/PrivateBin.php
@@ -334,19 +334,16 @@ class PrivateBin
// accessing this property ensures that the paste would be
// deleted if it has already expired
$burnafterreading = $paste->isBurnafterreading();
- if ($deletetoken == 'burnafterreading') {
- if ($burnafterreading) {
- $paste->delete();
- $this->_return_message(0, $dataid);
- } else {
- $this->_return_message(1, 'Paste is not of burn-after-reading type.');
- }
+ if (
+ ($burnafterreading && $deletetoken == 'burnafterreading') ||
+ Filter::slowEquals($deletetoken, $paste->getDeleteToken())
+ ) {
+ // Paste exists and deletion token is valid: Delete the paste.
+ $paste->delete();
+ $this->_status = 'Paste was properly deleted.';
} else {
- // Make sure the token is valid.
- if (Filter::slowEquals($deletetoken, $paste->getDeleteToken())) {
- // Paste exists and deletion token is valid: Delete the paste.
- $paste->delete();
- $this->_status = 'Paste was properly deleted.';
+ if (!$burnafterreading && $deletetoken == 'burnafterreading') {
+ $this->_error = 'Paste is not of burn-after-reading type.';
} else {
$this->_error = 'Wrong deletion token. Paste was not deleted.';
}
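Review bot: The literal-token checks `$deletetoken == 'burnafterreading'` in the new `if` and in the `else` branch use loose comparison on a value that appears to come from the request. If a non-string can ever reach this point (for example an integer `0` on PHP before 8, which depends on request parsing not shown here), the loose comparison would match the literal, so `$deletetoken === 'burnafterreading'` is the safer form in both places. The retained comment "Paste exists and deletion token is valid" now also covers the burn-after-reading path, where no token is verified; something like `// Burn-after-reading request or valid deletion token: delete the paste.` would describe the branch accurately. The enclosing method starts and ends outside this hunk.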
@@ -357,6 +354,13 @@ class PrivateBin
} catch (Exception $e) {
$this->_error = $e->getMessage();
}
+ if ($this->_request->isJsonApiCall()) {
+ if (strlen($this->_error)) {
+ $this->_return_message(1, $this->_error);
+ } else {
+ $this->_return_message(0, $dataid);
+ }
+ }
}
/**
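Review bot: The new JSON branch returns `$this->_error` verbatim, and the catch block just above fills it with `$e->getMessage()`, so any exception text raised during deletion is now sent to API clients. If exceptions from the storage or model layer can reach this catch (not visible here), their messages may carry paths or backend details. Consider limiting the passthrough to the application's own user-facing messages and sending a fixed string such as `'Paste could not be deleted.'` for anything else. Separately, `strlen($this->_error)` relies on integer truthiness and on `_error` always being a string; `$this->_error !== ''` states the intent directly, assuming the property is initialised to an empty string. The method body starts outside this hunk.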
diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php
index 9b9f9eb..05742bb 100644
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@@ -69,7 +69,7 @@ if ($MARKDOWN):
-
+
diff --git a/tpl/page.php b/tpl/page.php
index c92136f..4ae0b6a 100644
--- a/tpl/page.php
+++ b/tpl/page.php
@@ -47,7 +47,7 @@ if ($MARKDOWN):
-
+
diff --git a/tst/JsonApiTest.php b/tst/JsonApiTest.php
index 8579f01..5cf1360 100644
--- a/tst/JsonApiTest.php
+++ b/tst/JsonApiTest.php
@@ -147,10 +147,9 @@ class JsonApiTest extends PHPUnit_Framework_TestCase
$this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists before deleting data');
$paste = $this->_model->read(Helper::getPasteId());
$_POST = array(
- 'action' => 'delete',
+ 'pasteid' => Helper::getPasteId(),
'deletetoken' => hash_hmac('sha256', Helper::getPasteId(), $paste->meta->salt),
);
- $_SERVER['QUERY_STRING'] = Helper::getPasteId();
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';
$_SERVER['REQUEST_METHOD'] = 'POST';
ob_start();
diff --git a/tst/PrivateBinTest.php b/tst/PrivateBinTest.php
index 355b3f9..cebda5a 100644
--- a/tst/PrivateBinTest.php
+++ b/tst/PrivateBinTest.php
@@ -1047,7 +1047,7 @@ class PrivateBinTest extends PHPUnit_Framework_TestCase
ob_end_clean();
$response = json_decode($content, true);
$this->assertEquals(1, $response['status'], 'outputs status');
- $this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste successfully deleted');
+ $this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after failing to delete data');
}
/**