[aur-dev] [PATCH v2 1/3] Move package deletion to a separate page

canyonknight canyonknight at gmail.com
Thu Sep 27 17:02:11 EDT 2012


Package actions now have a separate box on the package details page. Make
a package deletion link in that box.

Link leads to a new page (pkgdel.php) that can be used to confirm package
deletion. A separate page with confirmation is used to avoid CSRFs.

Signed-off-by: canyonknight <canyonknight at gmail.com>
---
 web/html/index.php           |  3 +++
 web/html/pkgdel.php          | 44 ++++++++++++++++++++++++++++++++++++++++++++
 web/template/pkg_details.php |  3 +++
 3 files changed, 50 insertions(+)
 create mode 100644 web/html/pkgdel.php

diff --git a/web/html/index.php b/web/html/index.php
index ce8fa52..3fe6338 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -43,6 +43,9 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
 			case "unflag":
 				$_POST['do_UnFlag'] = __('UnFlag');
 				break;
+			case "delete":
+				include('pkgdel.php');
+				return;
 			}
 
 			if (isset($_COOKIE['AURSID'])) {
diff --git a/web/html/pkgdel.php b/web/html/pkgdel.php
new file mode 100644
index 0000000..7f244eb
--- /dev/null
+++ b/web/html/pkgdel.php
@@ -0,0 +1,44 @@
+<?php
+
+set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
+
+include_once("aur.inc.php");
+include_once("pkgfuncs.inc.php");
+
+set_lang();
+check_sid();
+
+html_header(__("Package Deletion"));
+
+$atype = "";
+
+if (isset($_COOKIE["AURSID"])) {
+	$atype = account_from_sid($_COOKIE["AURSID"]);
+}
+
+if ($atype == "Trusted User" || $atype == "Developer"): ?>
+<div class="box">
+	<h2><?= __('Delete Package: %s', htmlspecialchars($pkgname)) ?></h2>
+	<p>
+		<?= __('Use this form to delete the package (%s%s%s) from the AUR. ',
+			'<strong>', htmlspecialchars($pkgname), '</strong>'); ?>
+		<?= __('Deletion of a package is permanent. '); ?>
+		<?= __('Select the checkbox to confirm action.') ?>
+	</p>
+	<form action="<?= get_uri('/packages/'); ?>" method="post">
+		<fieldset>
+			<input type="hidden" name="IDs[<?= $pkgid ?>]" value="1" />
+			<input type="hidden" name="ID" value="<?= $pkgid ?>" />
+			<input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
+			<p><input type="checkbox" name="confirm_Delete" value="1" />
+			<?= __("Confirm package deletion") ?></p>
+			<p><input type="submit" class="button" name="do_Delete" value="<?= __("Delete") ?>" /></p>
+		</fieldset>
+	</form>
+</div>
+
+<?php else:
+	print __("Only Trusted Users and Developers can delete packages.");
+endif;
+
+html_footer(AUR_VERSION);
diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
index 4e9e073..dcc086b 100644
--- a/web/template/pkg_details.php
+++ b/web/template/pkg_details.php
@@ -54,6 +54,9 @@ $sources = package_sources($row["ID"]);
 				<?php else: ?>
 				<li><a href="<?= get_pkg_uri($row['Name']) . 'notify/'; ?>"><?= __('Notify of new comments'); ?></a></li>
 				<?php endif; ?>
+				<?php if ($atype == "Trusted User" || $atype == "Developer"): ?>
+				<li><a href="<?= get_pkg_uri($row['Name']) . 'delete/'; ?>"><?= __('Delete Package'); ?></a></li>
+				<?php endif; ?>
 				<?php endif; ?>
 			</ul>
 			<?php if ($uid): ?>
-- 
1.7.12.1



More information about the aur-dev mailing list