[aur-dev] [PATCH 2/3] Move package merging to a separate page
Lukas Fleischer
archlinux at cryptocrack.de
Thu Sep 27 05:10:52 EDT 2012
On Wed, Sep 26, 2012 at 08:03:24PM -0400, canyonknight wrote:
> Package actions now have a separate box on the package details page. Add
> a package merge link in that box.
>
> Link leads to a new page (pkgmerge.php) that can be used to confirm package
> merging. A separate page with confirmation is used to avoid CSRFs.
>
> Signed-off-by: canyonknight <canyonknight at gmail.com>
> ---
> web/html/index.php | 3 +++
> web/html/pkgmerge.php | 48 ++++++++++++++++++++++++++++++++++++++++++++
> web/template/pkg_details.php | 1 +
> 3 files changed, 52 insertions(+)
> create mode 100644 web/html/pkgmerge.php
>
> diff --git a/web/html/index.php b/web/html/index.php
> index 3fe6338..12f79cb 100644
> --- a/web/html/index.php
> +++ b/web/html/index.php
> @@ -46,6 +46,9 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
> case "delete":
> include('pkgdel.php');
> return;
> + case "merge":
> + include('pkgmerge.php');
> + return;
> }
>
> if (isset($_COOKIE['AURSID'])) {
> diff --git a/web/html/pkgmerge.php b/web/html/pkgmerge.php
> new file mode 100644
> index 0000000..687982e
> --- /dev/null
> +++ b/web/html/pkgmerge.php
> @@ -0,0 +1,48 @@
> +<?php
> +
> +set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
> +
> +include_once("aur.inc.php");
> +include_once("pkgfuncs.inc.php");
> +
> +set_lang();
> +check_sid();
> +
> +html_header(__("Package Merging"));
> +
> +$atype = "";
> +
> +if (isset($_COOKIE["AURSID"])) {
> + $atype = account_from_sid($_COOKIE["AURSID"]);
> +}
> +
> +if ($atype == "Trusted User" || $atype == "Developer"): ?>
> +<div class="box">
> + <h2><?php echo __('Merge Package: %s', htmlspecialchars($pkgname)) ?></h2>
> + <p>
> + <?php echo __('Use this form to merge the package (%s%s%s) into another package. ',
> + '<strong>', htmlspecialchars($pkgname), '</strong>'
> + );
> + echo __('Once the package has been merged it cannot be reversed. ');
> + echo __('Enter the package name you wish to merge the package into. ');
> + echo __('Select the checkbox to confirm action.') ?>
> + </p>
> + <form action="<?php echo get_uri('/packages/'); ?>" method="post">
> + <fieldset>
> + <input type="hidden" name="IDs[<?php echo $pkgid ?>]" value="1" />
> + <input type="hidden" name="ID" value="<?php echo $pkgid ?>" />
> + <input type="hidden" name="token" value="<?php echo htmlspecialchars($_COOKIE['AURSID']) ?>" />
> + <p><label for="merge_Into" ><?php echo __("Merge into:") ?></label>
> + <input type="text" id="merge_Into" name="merge_Into" /></p>
> + <p><input type="checkbox" name="confirm_Delete" value="1" />
> + <?php echo __("Confirm package merge") ?></p>
> + <p><input type="submit" class="button" name="do_Delete" value="<?php echo __("Merge") ?>" /></p>
> + </fieldset>
> + </form>
> +</div>
> +
> +<?php else:
> + print __("Only Trusted Users and Developers can merge packages.");
> +endif;
> +
> +html_footer(AUR_VERSION);
Same here, it would be good if we used the echo shortcut syntax here.
> diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
> index dcc086b..182722d 100644
> --- a/web/template/pkg_details.php
> +++ b/web/template/pkg_details.php
> @@ -56,6 +56,7 @@ $sources = package_sources($row["ID"]);
> <?php endif; ?>
> <?php if ($atype == "Trusted User" || $atype == "Developer"): ?>
> <li><a href="<?= get_pkg_uri($row['Name']) . 'delete/'; ?>"><?= __('Delete Package'); ?></a></li>
> + <li><a href="<?= get_pkg_uri($row['Name']) . 'merge/'; ?>"><?= __('Merge Package'); ?></a></li>
> <?php endif; ?>
> <?php endif; ?>
> </ul>
> --
> 1.7.12.1
More information about the aur-dev
mailing list