From: Gordian Edenhofer <gordian.edenhofer@gmail.com> Displaying flag, notify, vote, adopt and file request links for users which did not authenticate themselves and letting those fake buttons link to the login page. Signed-off-by: Gordian Edenhofer <gordian.edenhofer@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org> --- Changes since v4: * Use absolute URIs when setting the referer. * Do not set the referer GET parameter in html_action_form(). * Simplify the patch such that the $uid argument isn't needed at all. web/lib/aur.inc.php | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 95f72ce..06d604d 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -230,7 +230,12 @@ function html_format_maintainers($maintainer, $comaintainers) { * @return string The generated HTML code for the action link */ function html_action_link($uri, $desc) { - $code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">'; + if (isset($_COOKIE["AURSID"])) { + $code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">'; + } else { + $code = '<a href="' . get_uri('/login/', true) . '?referer='; + $code .= urlencode($uri) . '">'; + } $code .= htmlspecialchars($desc) . '</a>'; return $code; @@ -246,14 +251,19 @@ function html_action_link($uri, $desc) { * @return string The generated HTML code for the action link */ function html_action_form($uri, $action, $desc) { - $code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" '; - $code .= 'method="post">'; - $code .= '<input type="hidden" name="token" value="'; - $code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />'; - $code .= '<input type="submit" class="button text-button" name="'; - $code .= htmlspecialchars($action, ENT_QUOTES) . '" '; - $code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />'; - $code .= '</form>'; + if (isset($_COOKIE["AURSID"])) { + $code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" '; + $code .= 'method="post">'; + $code .= '<input type="hidden" name="token" value="'; + $code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />'; + $code .= '<input type="submit" class="button text-button" name="'; + $code .= htmlspecialchars($action, ENT_QUOTES) . '" '; + $code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />'; + $code .= '</form>'; + } else { + $code = '<a href="' . get_uri('/login/', true) . '">'; + $code .= htmlspecialchars($desc) . '</a>'; + } return $code; } -- 2.4.4