[aur-dev] [PATCH v5] Fake pkgbase actions for unconfirmed users

Sat Jun 27 09:13:02 UTC 2015

From: Gordian Edenhofer <gordian.edenhofer at gmail.com>

Displaying flag, notify, vote, adopt and file request links for
users which did not authenticate themselves and letting those fake
buttons link to the login page.

Signed-off-by: Gordian Edenhofer <gordian.edenhofer at gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer at archlinux.org>
---
Changes since v4:

* Use absolute URIs when setting the referer.
* Do not set the referer GET parameter in html_action_form().
* Simplify the patch such that the $uid argument isn't needed at all.

 web/lib/aur.inc.php | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 95f72ce..06d604d 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -230,7 +230,12 @@ function html_format_maintainers($maintainer, $comaintainers) {
  * @return string The generated HTML code for the action link
  */
 function html_action_link($uri, $desc) {
-	$code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
+	if (isset($_COOKIE["AURSID"])) {
+		$code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
+	} else {
+		$code = '<a href="' . get_uri('/login/', true) . '?referer=';
+		$code .= urlencode($uri) . '">';
+	}
 	$code .= htmlspecialchars($desc) . '</a>';
 
 	return $code;
@@ -246,14 +251,19 @@ function html_action_link($uri, $desc) {
  * @return string The generated HTML code for the action link
  */
 function html_action_form($uri, $action, $desc) {
-	$code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" ';
-	$code .= 'method="post">';
-	$code .= '<input type="hidden" name="token" value="';
-	$code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />';
-	$code .= '<input type="submit" class="button text-button" name="';
-	$code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
-	$code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />';
-	$code .= '</form>';
+	if (isset($_COOKIE["AURSID"])) {
+		$code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" ';
+		$code .= 'method="post">';
+		$code .= '<input type="hidden" name="token" value="';
+		$code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />';
+		$code .= '<input type="submit" class="button text-button" name="';
+		$code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
+		$code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />';
+		$code .= '</form>';
+	} else {
+		$code = '<a href="' . get_uri('/login/', true) . '">';
+		$code .= htmlspecialchars($desc) . '</a>';
+	}
 
 	return $code;
 }
-- 
2.4.4
