[aur-dev] [PATCH v6] Fake pkgbase actions for unconfirmed users

Lukas Fleischer lfleischer at archlinux.org
Sat Jun 27 09:17:00 UTC 2015


From: Gordian Edenhofer <gordian.edenhofer at gmail.com>

Display flag, notify, vote, adopt and file request links for users
who have not authenticated, and let those fake buttons link to the
login page.

Signed-off-by: Gordian Edenhofer <gordian.edenhofer at gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer at archlinux.org>
---
Accidentally submitted an old version of the v5 patch. This one actually
does what the v5 changelog says.

 web/lib/aur.inc.php              | 28 +++++++++++++++++++---------
 web/template/pkgbase_actions.php |  2 --
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 95f72ce..7a455c6 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -230,7 +230,12 @@ function html_format_maintainers($maintainer, $comaintainers) {
  * @return string The generated HTML code for the action link
  */
 function html_action_link($uri, $desc) {
-	$code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
+	if (isset($_COOKIE["AURSID"])) {
+		$code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
+	} else {
+		$code = '<a href="' . get_uri('/login/', true) . '?referer=';
+		$code .= urlencode(rtrim(aur_location(), '/') . $uri) . '">';
+	}
 	$code .= htmlspecialchars($desc) . '</a>';
 
 	return $code;
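Review bot: `isset($_COOKIE["AURSID"])` on the first added line only tests that the browser sent a cookie with that name, not that it belongs to a live session, so a client with an expired or made-up AURSID value still gets the real action link. The same test gates html_action_form in the next hunk. Because the template hunks drop the `<?php if ($uid): ?>` wrapper, this cookie test becomes the only thing deciding which markup is rendered, and it is presumably weaker than whatever populated `$uid`. I would branch on the validated login state the page already has, or at least add a comment above the `if` such as `/* Display hint only: cookie presence is not authentication; the action handlers must still validate the session. */`. The function's closing brace lies outside this hunk.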
@@ -246,14 +251,19 @@ function html_action_link($uri, $desc) {
  * @return string The generated HTML code for the action link
  */
 function html_action_form($uri, $action, $desc) {
-	$code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" ';
-	$code .= 'method="post">';
-	$code .= '<input type="hidden" name="token" value="';
-	$code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />';
-	$code .= '<input type="submit" class="button text-button" name="';
-	$code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
-	$code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />';
-	$code .= '</form>';
+	if (isset($_COOKIE["AURSID"])) {
+		$code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" ';
+		$code .= 'method="post">';
+		$code .= '<input type="hidden" name="token" value="';
+		$code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />';
+		$code .= '<input type="submit" class="button text-button" name="';
+		$code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
+		$code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />';
+		$code .= '</form>';
+	} else {
+		$code = '<a href="' . get_uri('/login/', true) . '">';
+		$code .= htmlspecialchars($desc) . '</a>';
+	}
 
 	return $code;
 }
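Review bot: `get_uri('/login/', true)` is concatenated into the `href` of the `else` branch without `htmlspecialchars()`, while every other value in this function is escaped with `ENT_QUOTES`; the login link built in html_action_link in the previous hunk has the same gap. If get_uri() can return anything derived from configuration or the request, it should be escaped like the rest: `$code = '<a href="' . htmlspecialchars(get_uri('/login/', true), ENT_QUOTES) . '">';`. This branch also omits the `?referer=` parameter that html_action_link adds, and the docblock's `@return` line does not say that a plain login link is returned when the cookie is absent. A one-line comment stating whether the missing referer is intentional would help the next reader.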
diff --git a/web/template/pkgbase_actions.php b/web/template/pkgbase_actions.php
index 757b063..61ad18f 100644
--- a/web/template/pkgbase_actions.php
+++ b/web/template/pkgbase_actions.php
@@ -9,7 +9,6 @@
 			<li><a href="<?= $snapshot_uri ?>"><?= __('Download snapshot') ?></a>
 			<li><a href="https://wiki.archlinux.org/index.php/Special:Search?search=<?= urlencode($row['Name']) ?>"><?= __('Search wiki') ?></a></li>
 			<li><span class="flagged"><?php if ($row["OutOfDateTS"] !== NULL) { echo __('Flagged out-of-date')." (${out_of_date_time})"; } ?></span></li>
-			<?php if ($uid): ?>
 			<?php if ($row["OutOfDateTS"] === NULL): ?>
 			<li><?= html_action_form($base_uri . 'flag/', "do_Flag", __('Flag package out-of-date')) ?></li>
 			<?php elseif (($row["OutOfDateTS"] !== NULL) && has_credential(CRED_PKGBASE_UNFLAG, $maintainers)): ?>
@@ -45,7 +44,6 @@
 			<?php elseif (has_credential(CRED_PKGBASE_DISOWN, array($row["MaintainerUID"]))): ?>
 			<li><?= html_action_form($base_uri . 'disown/', "do_Disown", __('Disown Package')) ?></li>
 			<?php endif; ?>
-			<?php endif; ?>
 		</ul>
 	</div>
 </div>
-- 
2.4.4

