Displaying flag, notify, vote, adopt and file request links for users which did not authenticate themselves and letting those fake buttons link to the login page.
---
Agreed, the statements were kind of redundant. I hope this patch is more straightforward.
 web/lib/aur.inc.php | 33 ++++++++++++++++++++++----------
 web/template/pkgbase_actions.php | 26 ++++++++++++--------------
 2 files changed, 34 insertions(+), 25 deletions(-)
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 95f72ce..98ebde4 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -226,11 +226,16 @@ function html_format_maintainers($maintainer, $comaintainers) {
 *
 * @param string $uri The link target
 * @param string $desc The link label
+ * @param string $uid The User ID
 *
 * @return string The generated HTML code for the action link
 */
-function html_action_link($uri, $desc) {
- $code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
+function html_action_link($uri, $desc, $uid="") {
+ if ($uid) {
+ $code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
+ } else {
+ $code = '<a href="' . get_uri('/login/', true) . '">';
+ }
 $code .= htmlspecialchars($desc) . '</a>';
 
 return $code;
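Review bot: In the new `else` branch of html_action_link the result of `get_uri('/login/', true)` is written into the `href` attribute without `htmlspecialchars()`, while the authenticated branch escapes `$uri` with `ENT_QUOTES`. get_uri() is not visible in this patch, so if its absolute form is assembled from request data such as the host name, this attribute would carry unescaped input; escaping unconditionally keeps both branches consistent: `$code = '<a href="' . htmlspecialchars(get_uri('/login/', true), ENT_QUOTES) . '">';`. The same applies to the `else` branch added to html_action_form in the next hunk. The function's closing brace lies outside this hunk.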
@@ -242,18 +247,24 @@ function html_action_link($uri, $desc) {
 * @param string $uri The link target
 * @param string $action The action name (passed as HTTP POST parameter)
 * @param string $desc The link label
+ * @param string $uid The User ID
 *
 * @return string The generated HTML code for the action link
 */
-function html_action_form($uri, $action, $desc) {
- $code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" ';
- $code .= 'method="post">';
- $code .= '<input type="hidden" name="token" value="';
- $code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />';
- $code .= '<input type="submit" class="button text-button" name="';
- $code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
- $code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />';
- $code .= '</form>';
+function html_action_form($uri, $action, $desc, $uid="") {
+ if ($uid) {
+ $code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" ';
+ $code .= 'method="post">';
+ $code .= '<input type="hidden" name="token" value="';
+ $code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />';
+ $code .= '<input type="submit" class="button text-button" name="';
+ $code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
+ $code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />';
+ $code .= '</form>';
+ } else {
+ $code = '<a href="' . get_uri('/login/', true) . '">';
+ $code .= htmlspecialchars($desc) . '</a>';
+ }
 
 return $code;
 }
diff --git a/web/template/pkgbase_actions.php b/web/template/pkgbase_actions.php
index a659c88..9675d3a 100644
--- a/web/template/pkgbase_actions.php
+++ b/web/template/pkgbase_actions.php
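Review bot: The docblock line `@param string $uid The User ID` for html_action_form does not say that this argument now decides whether the session cookie is emitted: only when `$uid` is truthy is `$_COOKIE['AURSID']` written into the hidden `token` field, and with the default `""` any caller that omits the argument renders a plain login link instead of the POST form. I would document that, for example `@param string $uid ID of the logged-in user; empty for anonymous visitors, who get a link to the login page instead of the form`. Because `if ($uid)` is a truthiness test, an ID of `"0"` would also be treated as anonymous, so it is worth confirming that user IDs never take that value. The helper only changes what is displayed; the handlers behind `$uri` still have to verify the session and the token themselves.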
@@ -9,42 +9,40 @@ <li><a href="<?= $snapshot_uri ?>"><?= __('Download snapshot') ?></a> <li><a href="https://wiki.archlinux.org/index.php/Special:Search?search=<?= urlencode($row['Name']) ?>"><?= __('Search wiki') ?></a></li> <li><span class="flagged"><?php if ($row["OutOfDateTS"] !== NULL) { echo __('Flagged out-of-date')." (${out_of_date_time})"; } ?></span></li> - <?php if ($uid): ?> <?php if ($row["OutOfDateTS"] === NULL): ?> - <li><?= html_action_form($base_uri . 'flag/', "do_Flag", __('Flag package out-of-date')) ?></li> + <li><?= html_action_form($base_uri . 'flag/', "do_Flag", __('Flag package out-of-date'), $uid) ?></li> <?php elseif (($row["OutOfDateTS"] !== NULL) && has_credential(CRED_PKGBASE_UNFLAG, $maintainers)): ?> - <li><?= html_action_form($base_uri . 'unflag/', "do_UnFlag", __('Unflag package')) ?></li> + <li><?= html_action_form($base_uri . 'unflag/', "do_UnFlag", __('Unflag package'), $uid) ?></li> <?php endif; ?> <?php if (pkgbase_user_voted($uid, $base_id)): ?> - <li><?= html_action_form($base_uri . 'unvote/', "do_UnVote", __('Remove vote')) ?></li> + <li><?= html_action_form($base_uri . 'unvote/', "do_UnVote", __('Remove vote'), $uid) ?></li> <?php else: ?> - <li><?= html_action_form($base_uri . 'vote/', "do_Vote", __('Vote for this package')) ?></li> + <li><?= html_action_form($base_uri . 'vote/', "do_Vote", __('Vote for this package'), $uid) ?></li> <?php endif; ?> <?php if (pkgbase_user_notify($uid, $base_id)): ?> - <li><?= html_action_form($base_uri . 'unnotify/', "do_UnNotify", __('Disable notifications')) ?></li> + <li><?= html_action_form($base_uri . 'unnotify/', "do_UnNotify", __('Disable notifications'), $uid) ?></li> <?php else: ?> - <li><?= html_action_form($base_uri . 'notify/', "do_Notify", __('Notify of new comments')) ?></li> + <li><?= html_action_form($base_uri . 
'notify/', "do_Notify", __('Notify of new comments'), $uid) ?></li> <?php endif; ?> <?php if (has_credential(CRED_PKGBASE_EDIT_COMAINTAINERS, array($row["MaintainerUID"]))): ?> - <li><?= html_action_link($base_uri . 'comaintainers/', __('Manage Co-Maintainers')) ?></li> + <li><?= html_action_link($base_uri . 'comaintainers/', __('Manage Co-Maintainers'), $uid) ?></li> <?php endif; ?> <li><span class="flagged"><?php if ($row["RequestCount"] > 0) { echo _n('%d pending request', '%d pending requests', $row["RequestCount"]); } ?></span></li> - <li><?= html_action_link($base_uri . 'request/', __('File Request')) ?></li> + <li><?= html_action_link($base_uri . 'request/', __('File Request'), $uid) ?></li> <?php if (has_credential(CRED_PKGBASE_DELETE)): ?> - <li><?= html_action_link($base_uri . 'delete/', __('Delete Package')) ?></li> - <li><?= html_action_link($base_uri . 'merge/', __('Merge Package')) ?></li> + <li><?= html_action_link($base_uri . 'delete/', __('Delete Package'), $uid) ?></li> + <li><?= html_action_link($base_uri . 'merge/', __('Merge Package'), $uid) ?></li> <?php endif; ?> <?php if ($row["MaintainerUID"] === NULL): ?> - <li><?= html_action_form($base_uri . 'adopt/', "do_Adopt", __('Adopt Package')) ?></li> + <li><?= html_action_form($base_uri . 'adopt/', "do_Adopt", __('Adopt Package'), $uid) ?></li> <?php elseif (has_credential(CRED_PKGBASE_DISOWN, array($row["MaintainerUID"]))): ?> - <li><?= html_action_form($base_uri . 'disown/', "do_Disown", __('Disown Package')) ?></li> - <?php endif; ?> + <li><?= html_action_form($base_uri . 'disown/', "do_Disown", __('Disown Package'), $uid) ?></li> <?php endif; ?> </ul> </div> -- 2.4.4
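Review bot: With the outer `<?php if ($uid): ?>` guard removed, `pkgbase_user_voted($uid, $base_id)` and `pkgbase_user_notify($uid, $base_id)` are now evaluated for anonymous visitors with an empty `$uid`. Neither function is visible in this patch, so it should be confirmed that they return false for an empty ID rather than running a lookup with it; a short-circuit such as `<?php if ($uid && pkgbase_user_voted($uid, $base_id)): ?>` avoids the call altogether. The `has_credential()` conditions are likewise now the only thing keeping the unflag, co-maintainer, delete, merge and disown entries away from anonymous users, so they need to return false when there is no session. Since the template no longer withholds the flag, vote, notify, request and adopt actions, their endpoints have to reject unauthenticated requests on their own.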