[aur-dev] [PATCH v3] Fake pkgbase actions for unconfirmed users

Fri Jun 26 19:03:17 UTC 2015

Displaying flag, notify, vote, adopt and file request links for
users which did not authenticate themselves and letting those fake
buttons link to the login page.

Signed-off-by: Gordian Edenhofer <gordian.edenhofer at gmail.com>
---
 web/lib/aur.inc.php              | 33 ++++++++++++++++++++++-----------
 web/template/pkgbase_actions.php | 26 ++++++++++++--------------
 2 files changed, 34 insertions(+), 25 deletions(-)

diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 95f72ce..eb313e3 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -226,11 +226,16 @@ function html_format_maintainers($maintainer, $comaintainers) {
  *
  * @param string $uri The link target
  * @param string $desc The link label
+ * @param string $uid The User ID
  *
  * @return string The generated HTML code for the action link
  */
-function html_action_link($uri, $desc) {
-	$code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
+function html_action_link($uri, $desc, $uid) {
+	if ($uid) {
+		$code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
+	} else {
+		$code = '<a href="' . get_uri('/login/', true) . '">';
+	}
 	$code .= htmlspecialchars($desc) . '</a>';
 
 	return $code;
@@ -242,18 +247,24 @@ function html_action_link($uri, $desc) {
  * @param string $uri The link target
  * @param string $action The action name (passed as HTTP POST parameter)
  * @param string $desc The link label
+ * @param string $uid The User ID
  *
  * @return string The generated HTML code for the action link
  */
-function html_action_form($uri, $action, $desc) {
-	$code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" ';
-	$code .= 'method="post">';
-	$code .= '<input type="hidden" name="token" value="';
-	$code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />';
-	$code .= '<input type="submit" class="button text-button" name="';
-	$code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
-	$code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />';
-	$code .= '</form>';
+function html_action_form($uri, $action, $desc, $uid) {
+	if ($uid) {
+		$code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" ';
+		$code .= 'method="post">';
+		$code .= '<input type="hidden" name="token" value="';
+		$code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />';
+		$code .= '<input type="submit" class="button text-button" name="';
+		$code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
+		$code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />';
+		$code .= '</form>';
+	} else {
+		$code = '<a href="' . get_uri('/login/', true) . '">';
+		$code .= htmlspecialchars($desc) . '</a>';
+	}
 
 	return $code;
 }
diff --git a/web/template/pkgbase_actions.php b/web/template/pkgbase_actions.php
index a659c88..9675d3a 100644
--- a/web/template/pkgbase_actions.php
+++ b/web/template/pkgbase_actions.php
@@ -9,42 +9,40 @@
 			<li><a href="<?= $snapshot_uri ?>"><?= __('Download snapshot') ?></a>
 			<li><a href="https://wiki.archlinux.org/index.php/Special:Search?search=<?= urlencode($row['Name']) ?>"><?= __('Search wiki') ?></a></li>
 			<li><span class="flagged"><?php if ($row["OutOfDateTS"] !== NULL) { echo __('Flagged out-of-date')." (${out_of_date_time})"; } ?></span></li>
-			<?php if ($uid): ?>
 			<?php if ($row["OutOfDateTS"] === NULL): ?>
-			<li><?= html_action_form($base_uri . 'flag/', "do_Flag", __('Flag package out-of-date')) ?></li>
+			<li><?= html_action_form($base_uri . 'flag/', "do_Flag", __('Flag package out-of-date'), $uid) ?></li>
 			<?php elseif (($row["OutOfDateTS"] !== NULL) && has_credential(CRED_PKGBASE_UNFLAG, $maintainers)): ?>
-			<li><?= html_action_form($base_uri . 'unflag/', "do_UnFlag", __('Unflag package')) ?></li>
+			<li><?= html_action_form($base_uri . 'unflag/', "do_UnFlag", __('Unflag package'), $uid) ?></li>
 			<?php endif; ?>
 
 			<?php if (pkgbase_user_voted($uid, $base_id)): ?>
-			<li><?= html_action_form($base_uri . 'unvote/', "do_UnVote", __('Remove vote')) ?></li>
+			<li><?= html_action_form($base_uri . 'unvote/', "do_UnVote", __('Remove vote'), $uid) ?></li>
 			<?php else: ?>
-			<li><?= html_action_form($base_uri . 'vote/', "do_Vote", __('Vote for this package')) ?></li>
+			<li><?= html_action_form($base_uri . 'vote/', "do_Vote", __('Vote for this package'), $uid) ?></li>
 			<?php endif; ?>
 
 			<?php if (pkgbase_user_notify($uid, $base_id)): ?>
-			<li><?= html_action_form($base_uri . 'unnotify/', "do_UnNotify", __('Disable notifications')) ?></li>
+			<li><?= html_action_form($base_uri . 'unnotify/', "do_UnNotify", __('Disable notifications'), $uid) ?></li>
 			<?php else: ?>
-			<li><?= html_action_form($base_uri . 'notify/', "do_Notify", __('Notify of new comments')) ?></li>
+			<li><?= html_action_form($base_uri . 'notify/', "do_Notify", __('Notify of new comments'), $uid) ?></li>
 			<?php endif; ?>
 
 			<?php if (has_credential(CRED_PKGBASE_EDIT_COMAINTAINERS, array($row["MaintainerUID"]))): ?>
-			<li><?= html_action_link($base_uri . 'comaintainers/', __('Manage Co-Maintainers')) ?></li>
+			<li><?= html_action_link($base_uri . 'comaintainers/', __('Manage Co-Maintainers'), $uid) ?></li>
 			<?php endif; ?>
 
 			<li><span class="flagged"><?php if ($row["RequestCount"] > 0) { echo _n('%d pending request', '%d pending requests', $row["RequestCount"]); } ?></span></li>
-			<li><?= html_action_link($base_uri . 'request/', __('File Request')) ?></li>
+			<li><?= html_action_link($base_uri . 'request/', __('File Request'), $uid) ?></li>
 
 			<?php if (has_credential(CRED_PKGBASE_DELETE)): ?>
-			<li><?= html_action_link($base_uri . 'delete/', __('Delete Package')) ?></li>
-			<li><?= html_action_link($base_uri . 'merge/', __('Merge Package')) ?></li>
+			<li><?= html_action_link($base_uri . 'delete/', __('Delete Package'), $uid) ?></li>
+			<li><?= html_action_link($base_uri . 'merge/', __('Merge Package'), $uid) ?></li>
 			<?php endif; ?>
 
 			<?php if ($row["MaintainerUID"] === NULL): ?>
-			<li><?= html_action_form($base_uri . 'adopt/', "do_Adopt", __('Adopt Package')) ?></li>
+			<li><?= html_action_form($base_uri . 'adopt/', "do_Adopt", __('Adopt Package'), $uid) ?></li>
 			<?php elseif (has_credential(CRED_PKGBASE_DISOWN, array($row["MaintainerUID"]))): ?>
-			<li><?= html_action_form($base_uri . 'disown/', "do_Disown", __('Disown Package')) ?></li>
-			<?php endif; ?>
+			<li><?= html_action_form($base_uri . 'disown/', "do_Disown", __('Disown Package'), $uid) ?></li>
 			<?php endif; ?>
 		</ul>
 	</div>
-- 
2.4.4
