[aur-dev] [PATCH v2] Fake pkgbase actions for unconfirmed users
Gordian Edenhofer
gordian.edenhofer at gmail.com
Fri Jun 26 19:03:17 UTC 2015
Displaying flag, notify, vote, adopt and file request links for
users which did not authenticate themselves and letting those fake
buttons link to the login page.
---
Agreed, the statements were kind of redundant.
I hope this patch is more straightforward.
web/lib/aur.inc.php | 33 ++++++++++++++++++++++-----------
web/template/pkgbase_actions.php | 26 ++++++++++++--------------
2 files changed, 34 insertions(+), 25 deletions(-)
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 95f72ce..98ebde4 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -226,11 +226,16 @@ function html_format_maintainers($maintainer, $comaintainers) {
*
* @param string $uri The link target
* @param string $desc The link label
+ * @param string $uid The User ID
*
* @return string The generated HTML code for the action link
*/
-function html_action_link($uri, $desc) {
- $code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
+function html_action_link($uri, $desc, $uid="") {
+ if ($uid) {
+ $code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
+ } else {
+ $code = '<a href="' . get_uri('/login/', true) . '">';
+ }
$code .= htmlspecialchars($desc) . '</a>';
return $code;
@@ -242,18 +247,24 @@ function html_action_link($uri, $desc) {
* @param string $uri The link target
* @param string $action The action name (passed as HTTP POST parameter)
* @param string $desc The link label
+ * @param string $uid The User ID
*
* @return string The generated HTML code for the action link
*/
-function html_action_form($uri, $action, $desc) {
- $code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" ';
- $code .= 'method="post">';
- $code .= '<input type="hidden" name="token" value="';
- $code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />';
- $code .= '<input type="submit" class="button text-button" name="';
- $code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
- $code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />';
- $code .= '</form>';
+function html_action_form($uri, $action, $desc, $uid="") {
+ if ($uid) {
+ $code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" ';
+ $code .= 'method="post">';
+ $code .= '<input type="hidden" name="token" value="';
+ $code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />';
+ $code .= '<input type="submit" class="button text-button" name="';
+ $code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
+ $code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />';
+ $code .= '</form>';
+ } else {
+ $code = '<a href="' . get_uri('/login/', true) . '">';
+ $code .= htmlspecialchars($desc) . '</a>';
+ }
return $code;
}
diff --git a/web/template/pkgbase_actions.php b/web/template/pkgbase_actions.php
index a659c88..9675d3a 100644
--- a/web/template/pkgbase_actions.php
+++ b/web/template/pkgbase_actions.php
@@ -9,42 +9,40 @@
<li><a href="<?= $snapshot_uri ?>"><?= __('Download snapshot') ?></a>
<li><a href="https://wiki.archlinux.org/index.php/Special:Search?search=<?= urlencode($row['Name']) ?>"><?= __('Search wiki') ?></a></li>
<li><span class="flagged"><?php if ($row["OutOfDateTS"] !== NULL) { echo __('Flagged out-of-date')." (${out_of_date_time})"; } ?></span></li>
- <?php if ($uid): ?>
<?php if ($row["OutOfDateTS"] === NULL): ?>
- <li><?= html_action_form($base_uri . 'flag/', "do_Flag", __('Flag package out-of-date')) ?></li>
+ <li><?= html_action_form($base_uri . 'flag/', "do_Flag", __('Flag package out-of-date'), $uid) ?></li>
<?php elseif (($row["OutOfDateTS"] !== NULL) && has_credential(CRED_PKGBASE_UNFLAG, $maintainers)): ?>
- <li><?= html_action_form($base_uri . 'unflag/', "do_UnFlag", __('Unflag package')) ?></li>
+ <li><?= html_action_form($base_uri . 'unflag/', "do_UnFlag", __('Unflag package'), $uid) ?></li>
<?php endif; ?>
<?php if (pkgbase_user_voted($uid, $base_id)): ?>
- <li><?= html_action_form($base_uri . 'unvote/', "do_UnVote", __('Remove vote')) ?></li>
+ <li><?= html_action_form($base_uri . 'unvote/', "do_UnVote", __('Remove vote'), $uid) ?></li>
<?php else: ?>
- <li><?= html_action_form($base_uri . 'vote/', "do_Vote", __('Vote for this package')) ?></li>
+ <li><?= html_action_form($base_uri . 'vote/', "do_Vote", __('Vote for this package'), $uid) ?></li>
<?php endif; ?>
<?php if (pkgbase_user_notify($uid, $base_id)): ?>
- <li><?= html_action_form($base_uri . 'unnotify/', "do_UnNotify", __('Disable notifications')) ?></li>
+ <li><?= html_action_form($base_uri . 'unnotify/', "do_UnNotify", __('Disable notifications'), $uid) ?></li>
<?php else: ?>
- <li><?= html_action_form($base_uri . 'notify/', "do_Notify", __('Notify of new comments')) ?></li>
+ <li><?= html_action_form($base_uri . 'notify/', "do_Notify", __('Notify of new comments'), $uid) ?></li>
<?php endif; ?>
<?php if (has_credential(CRED_PKGBASE_EDIT_COMAINTAINERS, array($row["MaintainerUID"]))): ?>
- <li><?= html_action_link($base_uri . 'comaintainers/', __('Manage Co-Maintainers')) ?></li>
+ <li><?= html_action_link($base_uri . 'comaintainers/', __('Manage Co-Maintainers'), $uid) ?></li>
<?php endif; ?>
<li><span class="flagged"><?php if ($row["RequestCount"] > 0) { echo _n('%d pending request', '%d pending requests', $row["RequestCount"]); } ?></span></li>
- <li><?= html_action_link($base_uri . 'request/', __('File Request')) ?></li>
+ <li><?= html_action_link($base_uri . 'request/', __('File Request'), $uid) ?></li>
<?php if (has_credential(CRED_PKGBASE_DELETE)): ?>
- <li><?= html_action_link($base_uri . 'delete/', __('Delete Package')) ?></li>
- <li><?= html_action_link($base_uri . 'merge/', __('Merge Package')) ?></li>
+ <li><?= html_action_link($base_uri . 'delete/', __('Delete Package'), $uid) ?></li>
+ <li><?= html_action_link($base_uri . 'merge/', __('Merge Package'), $uid) ?></li>
<?php endif; ?>
<?php if ($row["MaintainerUID"] === NULL): ?>
- <li><?= html_action_form($base_uri . 'adopt/', "do_Adopt", __('Adopt Package')) ?></li>
+ <li><?= html_action_form($base_uri . 'adopt/', "do_Adopt", __('Adopt Package'), $uid) ?></li>
<?php elseif (has_credential(CRED_PKGBASE_DISOWN, array($row["MaintainerUID"]))): ?>
- <li><?= html_action_form($base_uri . 'disown/', "do_Disown", __('Disown Package')) ?></li>
- <?php endif; ?>
+ <li><?= html_action_form($base_uri . 'disown/', "do_Disown", __('Disown Package'), $uid) ?></li>
<?php endif; ?>
</ul>
</div>
--
2.4.4
More information about the aur-dev
mailing list