fix bug allowing every one to delete the paste

with the mysql storage back end on every call the delete token
was regenerated so, that every one could delete the paste

1 files changed, 3 insertions, 3 deletions

diff --git a/paste/include/storage/MysqlStorage.php b/paste/include/storage/MysqlStorage.php
index 8e16536..fe28007 100644
--- a/paste/include/storage/MysqlStorage.php
+++ b/paste/include/storage/MysqlStorage.php
@@ -114,7 +114,7 @@ INDEX (nick)
 		global $config;
 
 		if ($stmt = $this->mysql->prepare(
-			    'SELECT nick, language, content, description, time FROM ' . $this->table . '
+			    'SELECT nick, language, content, description, time, remote FROM ' . $this->table . '
                              WHERE pid = ? LIMIT 1'))
 		{
 			$stmt->bind_param('s', $pid);
@@ -126,7 +126,7 @@ INDEX (nick)
 				    $this->mysql->error);
 			}
 
-			$stmt->bind_result($nick, $lang, $content, $description, $time);
+			$stmt->bind_result($nick, $lang, $content, $description, $time, $remote);
 
 			if (!$stmt->fetch()) {
 				header('HTTP/1.0 404 Not Found');
@@ -139,7 +139,7 @@ INDEX (nick)
 			if (isset($config['short_results_path']))
 				$get_url = $config['short_results_path'] . $pid . '.html';
 
-			$remove_url = $config['site_domain'] . $config['site_path'] . 'remove.php?p=' . $pid . '&t=' . $this->generateToken($pid);
+			$remove_url = $config['site_domain'] . $config['site_path'] . 'remove.php?p=' . $pid . '&t=' . $this->generateToken($pid, $remote);
 			echo PastifyText($content, $lang, $description, $get_url, $remove_url);
 		}
 	}