[aur-dev] [PATCH 1/3] Move package deletion to a separate page
canyonknight at gmail.com
canyonknight at gmail.com
Thu Sep 27 12:07:30 EDT 2012
On Thu, Sep 27, 2012 at 5:08 AM, Lukas Fleischer
<archlinux at cryptocrack.de> wrote:
> On Wed, Sep 26, 2012 at 08:03:23PM -0400, canyonknight wrote:
>> Package actions now have a separate box on the package details page. Make
>> a package deletion link in that box.
>>
>> Link leads to a new page (pkgdel.php) that can be used to confirm package
>> deletion. A separate page with confirmation is used to avoid CSRFs.
>>
>> Signed-off-by: canyonknight <canyonknight at gmail.com>
>> ---
>> web/html/index.php | 3 +++
>> web/html/pkgdel.php | 45 ++++++++++++++++++++++++++++++++++++++++++++
>> web/template/pkg_details.php | 3 +++
>> 3 files changed, 51 insertions(+)
>> create mode 100644 web/html/pkgdel.php
>>
>> diff --git a/web/html/index.php b/web/html/index.php
>> index ce8fa52..3fe6338 100644
>> --- a/web/html/index.php
>> +++ b/web/html/index.php
>> @@ -43,6 +43,9 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
>> case "unflag":
>> $_POST['do_UnFlag'] = __('UnFlag');
>> break;
>> + case "delete":
>> + include('pkgdel.php');
>> + return;
>> }
>>
>> if (isset($_COOKIE['AURSID'])) {
>> diff --git a/web/html/pkgdel.php b/web/html/pkgdel.php
>> new file mode 100644
>> index 0000000..a581176
>> --- /dev/null
>> +++ b/web/html/pkgdel.php
>> @@ -0,0 +1,45 @@
>> +<?php
>> +
>> +set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
>> +
>> +include_once("aur.inc.php");
>> +include_once("pkgfuncs.inc.php");
>> +
>> +set_lang();
>> +check_sid();
>> +
>> +html_header(__("Package Deletion"));
>> +
>> +$atype = "";
>> +
>> +if (isset($_COOKIE["AURSID"])) {
>> + $atype = account_from_sid($_COOKIE["AURSID"]);
>> +}
>> +
>> +if ($atype == "Trusted User" || $atype == "Developer"): ?>
>> +<div class="box">
>> + <h2><?php echo __('Delete Package: %s', htmlspecialchars($pkgname)) ?></h2>
>> + <p>
>> + <?php echo __('Use this form to delete the package (%s%s%s) from the AUR. ',
>> + '<strong>', htmlspecialchars($pkgname), '</strong>'
>> + );
>> + echo __('Deletion of a package is permanent. ');
>> + echo __('Select the checkbox to confirm action.') ?>
>> + </p>
>> + <form action="<?php echo get_uri('/packages/'); ?>" method="post">
>> + <fieldset>
>> + <input type="hidden" name="IDs[<?php echo $pkgid ?>]" value="1" />
>> + <input type="hidden" name="ID" value="<?php echo $pkgid ?>" />
>> + <input type="hidden" name="token" value="<?php echo htmlspecialchars($_COOKIE['AURSID']) ?>" />
>> + <p><input type="checkbox" name="confirm_Delete" value="1" />
>> + <?php echo __("Confirm package deletion") ?></p>
>> + <p><input type="submit" class="button" name="do_Delete" value="<?php echo __("Delete") ?>" /></p>
>> + </fieldset>
>> + </form>
>> +</div>
>> +
>> +<?php else:
>> + print __("Only Trusted Users and Developers can delete packages.");
>> +endif;
>> +
>> +html_footer(AUR_VERSION);
>
> You're still using the deprecated "<?php echo" and <?php print" syntax
> here. It would be great if this could be revised to use the new shortcut
> syntax.
>
My mistake. I knew you wanted to use the shortcut syntax in the
/template files. I didn't know you also wanted it in the /html files
from now on. I'll re-send it later. Thanks!
>> diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
>> index 4e9e073..dcc086b 100644
>> --- a/web/template/pkg_details.php
>> +++ b/web/template/pkg_details.php
>> @@ -54,6 +54,9 @@ $sources = package_sources($row["ID"]);
>> <?php else: ?>
>> <li><a href="<?= get_pkg_uri($row['Name']) . 'notify/'; ?>"><?= __('Notify of new comments'); ?></a></li>
>> <?php endif; ?>
>> + <?php if ($atype == "Trusted User" || $atype == "Developer"): ?>
>> + <li><a href="<?= get_pkg_uri($row['Name']) . 'delete/'; ?>"><?= __('Delete Package'); ?></a></li>
>> + <?php endif; ?>
>> <?php endif; ?>
>> </ul>
>> <?php if ($uid): ?>
>> --
>> 1.7.12.1
More information about the aur-dev
mailing list