[aur-dev] [PATCH 1/3] Move package deletion to a separate page
Package actions now have a separate box on the package details page. Make
a package deletion link in that box.
Link leads to a new page (pkgdel.php) that can be used to confirm package
deletion. A separate page with confirmation is used to avoid CSRFs.
Signed-off-by: canyonknight
Package actions now have a separate box on the package details page. Add
a package merge link in that box.
Link leads to a new page (pkgmerge.php) that can be used to confirm package
merging. A separate page with confirmation is used to avoid CSRFs.
Signed-off-by: canyonknight
On Wed, Sep 26, 2012 at 08:03:24PM -0400, canyonknight wrote:
Package actions now have a separate box on the package details page. Add a package merge link in that box.
Link leads to a new page (pkgmerge.php) that can be used to confirm package merging. A separate page with confirmation is used to avoid CSRFs.
Signed-off-by: canyonknight
--- web/html/index.php | 3 +++ web/html/pkgmerge.php | 48 ++++++++++++++++++++++++++++++++++++++++++++ web/template/pkg_details.php | 1 + 3 files changed, 52 insertions(+) create mode 100644 web/html/pkgmerge.php diff --git a/web/html/index.php b/web/html/index.php index 3fe6338..12f79cb 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -46,6 +46,9 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { case "delete": include('pkgdel.php'); return; + case "merge": + include('pkgmerge.php'); + return; }
if (isset($_COOKIE['AURSID'])) { diff --git a/web/html/pkgmerge.php b/web/html/pkgmerge.php new file mode 100644 index 0000000..687982e --- /dev/null +++ b/web/html/pkgmerge.php @@ -0,0 +1,48 @@ +<?php + +set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); + +include_once("aur.inc.php"); +include_once("pkgfuncs.inc.php"); + +set_lang(); +check_sid(); + +html_header(__("Package Merging")); + +$atype = ""; + +if (isset($_COOKIE["AURSID"])) { + $atype = account_from_sid($_COOKIE["AURSID"]); +} + +if ($atype == "Trusted User" || $atype == "Developer"): ?> +<div class="box"> + <h2><?php echo __('Merge Package: %s', htmlspecialchars($pkgname)) ?></h2> + <p> + <?php echo __('Use this form to merge the package (%s%s%s) into another package. ', + '<strong>', htmlspecialchars($pkgname), '</strong>' + ); + echo __('Once the package has been merged it cannot be reversed. '); + echo __('Enter the package name you wish to merge the package into. '); + echo __('Select the checkbox to confirm action.') ?> + </p> + <form action="<?php echo get_uri('/packages/'); ?>" method="post"> + <fieldset> + <input type="hidden" name="IDs[<?php echo $pkgid ?>]" value="1" /> + <input type="hidden" name="ID" value="<?php echo $pkgid ?>" /> + <input type="hidden" name="token" value="<?php echo htmlspecialchars($_COOKIE['AURSID']) ?>" /> + <p><label for="merge_Into" ><?php echo __("Merge into:") ?></label> + <input type="text" id="merge_Into" name="merge_Into" /></p> + <p><input type="checkbox" name="confirm_Delete" value="1" /> + <?php echo __("Confirm package merge") ?></p> + <p></p> + </fieldset> + </form> +</div> + +
Same here, it would be good if we used the echo shortcut syntax here.
diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php index dcc086b..182722d 100644 --- a/web/template/pkg_details.php +++ b/web/template/pkg_details.php @@ -56,6 +56,7 @@ $sources = package_sources($row["ID"]); <?php endif; ?> <?php if ($atype == "Trusted User" || $atype == "Developer"): ?> <li><a href="<?= get_pkg_uri($row['Name']) . 'delete/'; ?>"><?= __('Delete Package'); ?></a></li> + <li><a href="<?= get_pkg_uri($row['Name']) . 'merge/'; ?>"><?= __('Merge Package'); ?></a></li> <?php endif; ?> <?php endif; ?> </ul> -- 1.7.12.1
Package actions now have a separate box on the package details page. Add
a package merge link in that box.
Link leads to a new page (pkgmerge.php) that can be used to confirm package
merging. A separate page with confirmation is used to avoid CSRFs.
Signed-off-by: canyonknight
The only buttons on the actions bar that were still used when virtual URLs
are enabled were the package deletion and package merging. These now reside
in separate pages, so remove the need for the actions bar when virtual URLs
are enabled.
Signed-off-by: canyonknight
On Wed, Sep 26, 2012 at 08:03:23PM -0400, canyonknight wrote:
Package actions now have a separate box on the package details page. Make a package deletion link in that box.
Link leads to a new page (pkgdel.php) that can be used to confirm package deletion. A separate page with confirmation is used to avoid CSRFs.
Signed-off-by: canyonknight
--- web/html/index.php | 3 +++ web/html/pkgdel.php | 45 ++++++++++++++++++++++++++++++++++++++++++++ web/template/pkg_details.php | 3 +++ 3 files changed, 51 insertions(+) create mode 100644 web/html/pkgdel.php diff --git a/web/html/index.php b/web/html/index.php index ce8fa52..3fe6338 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -43,6 +43,9 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { case "unflag": $_POST['do_UnFlag'] = __('UnFlag'); break; + case "delete": + include('pkgdel.php'); + return; }
if (isset($_COOKIE['AURSID'])) { diff --git a/web/html/pkgdel.php b/web/html/pkgdel.php new file mode 100644 index 0000000..a581176 --- /dev/null +++ b/web/html/pkgdel.php @@ -0,0 +1,45 @@ +<?php + +set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); + +include_once("aur.inc.php"); +include_once("pkgfuncs.inc.php"); + +set_lang(); +check_sid(); + +html_header(__("Package Deletion")); + +$atype = ""; + +if (isset($_COOKIE["AURSID"])) { + $atype = account_from_sid($_COOKIE["AURSID"]); +} + +if ($atype == "Trusted User" || $atype == "Developer"): ?> +<div class="box"> + <h2><?php echo __('Delete Package: %s', htmlspecialchars($pkgname)) ?></h2> + <p> + <?php echo __('Use this form to delete the package (%s%s%s) from the AUR. ', + '<strong>', htmlspecialchars($pkgname), '</strong>' + ); + echo __('Deletion of a package is permanent. '); + echo __('Select the checkbox to confirm action.') ?> + </p> + <form action="<?php echo get_uri('/packages/'); ?>" method="post"> + <fieldset> + <input type="hidden" name="IDs[<?php echo $pkgid ?>]" value="1" /> + <input type="hidden" name="ID" value="<?php echo $pkgid ?>" /> + <input type="hidden" name="token" value="<?php echo htmlspecialchars($_COOKIE['AURSID']) ?>" /> + <p><input type="checkbox" name="confirm_Delete" value="1" /> + <?php echo __("Confirm package deletion") ?></p> + <p></p> + </fieldset> + </form> +</div> + +
You're still using the deprecated "
diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php index 4e9e073..dcc086b 100644 --- a/web/template/pkg_details.php +++ b/web/template/pkg_details.php @@ -54,6 +54,9 @@ $sources = package_sources($row["ID"]); <?php else: ?> <li><a href="<?= get_pkg_uri($row['Name']) . 'notify/'; ?>"><?= __('Notify of new comments'); ?></a></li> <?php endif; ?> + <?php if ($atype == "Trusted User" || $atype == "Developer"): ?> + <li><a href="<?= get_pkg_uri($row['Name']) . 'delete/'; ?>"><?= __('Delete Package'); ?></a></li> + <?php endif; ?> <?php endif; ?> </ul> <?php if ($uid): ?> -- 1.7.12.1
On Thu, Sep 27, 2012 at 5:08 AM, Lukas Fleischer
On Wed, Sep 26, 2012 at 08:03:23PM -0400, canyonknight wrote:
Package actions now have a separate box on the package details page. Make a package deletion link in that box.
Link leads to a new page (pkgdel.php) that can be used to confirm package deletion. A separate page with confirmation is used to avoid CSRFs.
Signed-off-by: canyonknight
--- web/html/index.php | 3 +++ web/html/pkgdel.php | 45 ++++++++++++++++++++++++++++++++++++++++++++ web/template/pkg_details.php | 3 +++ 3 files changed, 51 insertions(+) create mode 100644 web/html/pkgdel.php diff --git a/web/html/index.php b/web/html/index.php index ce8fa52..3fe6338 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -43,6 +43,9 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { case "unflag": $_POST['do_UnFlag'] = __('UnFlag'); break; + case "delete": + include('pkgdel.php'); + return; }
if (isset($_COOKIE['AURSID'])) { diff --git a/web/html/pkgdel.php b/web/html/pkgdel.php new file mode 100644 index 0000000..a581176 --- /dev/null +++ b/web/html/pkgdel.php @@ -0,0 +1,45 @@ +<?php + +set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); + +include_once("aur.inc.php"); +include_once("pkgfuncs.inc.php"); + +set_lang(); +check_sid(); + +html_header(__("Package Deletion")); + +$atype = ""; + +if (isset($_COOKIE["AURSID"])) { + $atype = account_from_sid($_COOKIE["AURSID"]); +} + +if ($atype == "Trusted User" || $atype == "Developer"): ?> +<div class="box"> + <h2><?php echo __('Delete Package: %s', htmlspecialchars($pkgname)) ?></h2> + <p> + <?php echo __('Use this form to delete the package (%s%s%s) from the AUR. ', + '<strong>', htmlspecialchars($pkgname), '</strong>' + ); + echo __('Deletion of a package is permanent. '); + echo __('Select the checkbox to confirm action.') ?> + </p> + <form action="<?php echo get_uri('/packages/'); ?>" method="post"> + <fieldset> + <input type="hidden" name="IDs[<?php echo $pkgid ?>]" value="1" /> + <input type="hidden" name="ID" value="<?php echo $pkgid ?>" /> + <input type="hidden" name="token" value="<?php echo htmlspecialchars($_COOKIE['AURSID']) ?>" /> + <p><input type="checkbox" name="confirm_Delete" value="1" /> + <?php echo __("Confirm package deletion") ?></p> + <p></p> + </fieldset> + </form> +</div> + +
You're still using the deprecated "
My mistake. I knew you wanted to use the shortcut syntax in the /template files. I didn't know you also wanted it in the /html files from now on. I'll re-send it later. Thanks!
diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php index 4e9e073..dcc086b 100644 --- a/web/template/pkg_details.php +++ b/web/template/pkg_details.php @@ -54,6 +54,9 @@ $sources = package_sources($row["ID"]); <?php else: ?> <li><a href="<?= get_pkg_uri($row['Name']) . 'notify/'; ?>"><?= __('Notify of new comments'); ?></a></li> <?php endif; ?> + <?php if ($atype == "Trusted User" || $atype == "Developer"): ?> + <li><a href="<?= get_pkg_uri($row['Name']) . 'delete/'; ?>"><?= __('Delete Package'); ?></a></li> + <?php endif; ?> <?php endif; ?> </ul> <?php if ($uid): ?> -- 1.7.12.1
Package actions now have a separate box on the package details page. Make
a package deletion link in that box.
Link leads to a new page (pkgdel.php) that can be used to confirm package
deletion. A separate page with confirmation is used to avoid CSRFs.
Signed-off-by: canyonknight
participants (3)
-
canyonknight
-
canyonknight@gmail.com
-
Lukas Fleischer