On Wed, Sep 26, 2012 at 08:03:23PM -0400, canyonknight wrote:
Package actions now have a separate box on the package details page. Make a package deletion link in that box.
Link leads to a new page (pkgdel.php) that can be used to confirm package deletion. A separate page with confirmation is used to avoid CSRFs.
Signed-off-by: canyonknight <canyonknight@gmail.com> --- web/html/index.php | 3 +++ web/html/pkgdel.php | 45 ++++++++++++++++++++++++++++++++++++++++++++ web/template/pkg_details.php | 3 +++ 3 files changed, 51 insertions(+) create mode 100644 web/html/pkgdel.php
diff --git a/web/html/index.php b/web/html/index.php index ce8fa52..3fe6338 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -43,6 +43,9 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { case "unflag": $_POST['do_UnFlag'] = __('UnFlag'); break; + case "delete": + include('pkgdel.php'); + return; }
if (isset($_COOKIE['AURSID'])) { diff --git a/web/html/pkgdel.php b/web/html/pkgdel.php new file mode 100644 index 0000000..a581176 --- /dev/null +++ b/web/html/pkgdel.php @@ -0,0 +1,45 @@ +<?php + +set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); + +include_once("aur.inc.php"); +include_once("pkgfuncs.inc.php"); + +set_lang(); +check_sid(); + +html_header(__("Package Deletion")); + +$atype = ""; + +if (isset($_COOKIE["AURSID"])) { + $atype = account_from_sid($_COOKIE["AURSID"]); +} + +if ($atype == "Trusted User" || $atype == "Developer"): ?> +<div class="box"> + <h2><?php echo __('Delete Package: %s', htmlspecialchars($pkgname)) ?></h2> + <p> + <?php echo __('Use this form to delete the package (%s%s%s) from the AUR. ', + '<strong>', htmlspecialchars($pkgname), '</strong>' + ); + echo __('Deletion of a package is permanent. '); + echo __('Select the checkbox to confirm action.') ?> + </p> + <form action="<?php echo get_uri('/packages/'); ?>" method="post"> + <fieldset> + <input type="hidden" name="IDs[<?php echo $pkgid ?>]" value="1" /> + <input type="hidden" name="ID" value="<?php echo $pkgid ?>" /> + <input type="hidden" name="token" value="<?php echo htmlspecialchars($_COOKIE['AURSID']) ?>" /> + <p><input type="checkbox" name="confirm_Delete" value="1" /> + <?php echo __("Confirm package deletion") ?></p> + <p><input type="submit" class="button" name="do_Delete" value="<?php echo __("Delete") ?>" /></p> + </fieldset> + </form> +</div> + +<?php else: + print __("Only Trusted Users and Developers can delete packages."); +endif; + +html_footer(AUR_VERSION);
You're still using the deprecated "<?php echo" and <?php print" syntax here. It would be great if this could be revised to use the new shortcut syntax.
diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php index 4e9e073..dcc086b 100644 --- a/web/template/pkg_details.php +++ b/web/template/pkg_details.php @@ -54,6 +54,9 @@ $sources = package_sources($row["ID"]); <?php else: ?> <li><a href="<?= get_pkg_uri($row['Name']) . 'notify/'; ?>"><?= __('Notify of new comments'); ?></a></li> <?php endif; ?> + <?php if ($atype == "Trusted User" || $atype == "Developer"): ?> + <li><a href="<?= get_pkg_uri($row['Name']) . 'delete/'; ?>"><?= __('Delete Package'); ?></a></li> + <?php endif; ?> <?php endif; ?> </ul> <?php if ($uid): ?> -- 1.7.12.1