[aur-dev] [PATCH v2] Fake pkgbase actions for unconfirmed users

Gordian Edenhofer Fri, 26 Jun 2015 12:12:22 -0700

Displaying flag, notify, vote, adopt and file request links for
users which did not authenticate themselves and letting those fake
buttons link to the login page.
---
Agreed, the statements were kind of redundant.
I hope this patch is more straightforward.


 web/lib/aur.inc.php              | 33 ++++++++++++++++++++++-----------
 web/template/pkgbase_actions.php | 26 ++++++++++++--------------
 2 files changed, 34 insertions(+), 25 deletions(-)

diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 95f72ce..98ebde4 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -226,11 +226,16 @@ function html_format_maintainers($maintainer, 
$comaintainers) {
  *
  * @param string $uri The link target
  * @param string $desc The link label
+ * @param string $uid The User ID
  *
  * @return string The generated HTML code for the action link
  */
-function html_action_link($uri, $desc) {
-       $code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
+function html_action_link($uri, $desc, $uid="") {
+       if ($uid) {
+               $code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
+       } else {
+               $code = '<a href="' . get_uri('/login/', true) . '">';
+       }
        $code .= htmlspecialchars($desc) . '</a>';
 
        return $code;
@@ -242,18 +247,24 @@ function html_action_link($uri, $desc) {
  * @param string $uri The link target
  * @param string $action The action name (passed as HTTP POST parameter)
  * @param string $desc The link label
+ * @param string $uid The User ID
  *
  * @return string The generated HTML code for the action link
  */
-function html_action_form($uri, $action, $desc) {
-       $code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" ';
-       $code .= 'method="post">';
-       $code .= '<input type="hidden" name="token" value="';
-       $code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />';
-       $code .= '<input type="submit" class="button text-button" name="';
-       $code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
-       $code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />';
-       $code .= '</form>';
+function html_action_form($uri, $action, $desc, $uid="") {
+       if ($uid) {
+               $code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . 
'" ';
+               $code .= 'method="post">';
+               $code .= '<input type="hidden" name="token" value="';
+               $code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" 
/>';
+               $code .= '<input type="submit" class="button text-button" 
name="';
+               $code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
+               $code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" 
/>';
+               $code .= '</form>';
+       } else {
+               $code = '<a href="' . get_uri('/login/', true) . '">';
+               $code .= htmlspecialchars($desc) . '</a>';
+       }
 
        return $code;
 }
diff --git a/web/template/pkgbase_actions.php b/web/template/pkgbase_actions.php
index a659c88..9675d3a 100644
--- a/web/template/pkgbase_actions.php
+++ b/web/template/pkgbase_actions.php
@@ -9,42 +9,40 @@
                        <li><a href="<?= $snapshot_uri ?>"><?= __('Download 
snapshot') ?></a>
                        <li><a 
href="https://wiki.archlinux.org/index.php/Special:Search?search=<?= 
urlencode($row['Name']) ?>"><?= __('Search wiki') ?></a></li>
                        <li><span class="flagged"><?php if ($row["OutOfDateTS"] 
!== NULL) { echo __('Flagged out-of-date')." (${out_of_date_time})"; } 
?></span></li>
-                       <?php if ($uid): ?>
                        <?php if ($row["OutOfDateTS"] === NULL): ?>
-                       <li><?= html_action_form($base_uri . 'flag/', 
"do_Flag", __('Flag package out-of-date')) ?></li>
+                       <li><?= html_action_form($base_uri . 'flag/', 
"do_Flag", __('Flag package out-of-date'), $uid) ?></li>
                        <?php elseif (($row["OutOfDateTS"] !== NULL) && 
has_credential(CRED_PKGBASE_UNFLAG, $maintainers)): ?>
-                       <li><?= html_action_form($base_uri . 'unflag/', 
"do_UnFlag", __('Unflag package')) ?></li>
+                       <li><?= html_action_form($base_uri . 'unflag/', 
"do_UnFlag", __('Unflag package'), $uid) ?></li>
                        <?php endif; ?>
 
                        <?php if (pkgbase_user_voted($uid, $base_id)): ?>
-                       <li><?= html_action_form($base_uri . 'unvote/', 
"do_UnVote", __('Remove vote')) ?></li>
+                       <li><?= html_action_form($base_uri . 'unvote/', 
"do_UnVote", __('Remove vote'), $uid) ?></li>
                        <?php else: ?>
-                       <li><?= html_action_form($base_uri . 'vote/', 
"do_Vote", __('Vote for this package')) ?></li>
+                       <li><?= html_action_form($base_uri . 'vote/', 
"do_Vote", __('Vote for this package'), $uid) ?></li>
                        <?php endif; ?>
 
                        <?php if (pkgbase_user_notify($uid, $base_id)): ?>
-                       <li><?= html_action_form($base_uri . 'unnotify/', 
"do_UnNotify", __('Disable notifications')) ?></li>
+                       <li><?= html_action_form($base_uri . 'unnotify/', 
"do_UnNotify", __('Disable notifications'), $uid) ?></li>
                        <?php else: ?>
-                       <li><?= html_action_form($base_uri . 'notify/', 
"do_Notify", __('Notify of new comments')) ?></li>
+                       <li><?= html_action_form($base_uri . 'notify/', 
"do_Notify", __('Notify of new comments'), $uid) ?></li>
                        <?php endif; ?>
 
                        <?php if 
(has_credential(CRED_PKGBASE_EDIT_COMAINTAINERS, 
array($row["MaintainerUID"]))): ?>
-                       <li><?= html_action_link($base_uri . 'comaintainers/', 
__('Manage Co-Maintainers')) ?></li>
+                       <li><?= html_action_link($base_uri . 'comaintainers/', 
__('Manage Co-Maintainers'), $uid) ?></li>
                        <?php endif; ?>
 
                        <li><span class="flagged"><?php if 
($row["RequestCount"] > 0) { echo _n('%d pending request', '%d pending 
requests', $row["RequestCount"]); } ?></span></li>
-                       <li><?= html_action_link($base_uri . 'request/', 
__('File Request')) ?></li>
+                       <li><?= html_action_link($base_uri . 'request/', 
__('File Request'), $uid) ?></li>
 
                        <?php if (has_credential(CRED_PKGBASE_DELETE)): ?>
-                       <li><?= html_action_link($base_uri . 'delete/', 
__('Delete Package')) ?></li>
-                       <li><?= html_action_link($base_uri . 'merge/', 
__('Merge Package')) ?></li>
+                       <li><?= html_action_link($base_uri . 'delete/', 
__('Delete Package'), $uid) ?></li>
+                       <li><?= html_action_link($base_uri . 'merge/', 
__('Merge Package'), $uid) ?></li>
                        <?php endif; ?>
 
                        <?php if ($row["MaintainerUID"] === NULL): ?>
-                       <li><?= html_action_form($base_uri . 'adopt/', 
"do_Adopt", __('Adopt Package')) ?></li>
+                       <li><?= html_action_form($base_uri . 'adopt/', 
"do_Adopt", __('Adopt Package'), $uid) ?></li>
                        <?php elseif (has_credential(CRED_PKGBASE_DISOWN, 
array($row["MaintainerUID"]))): ?>
-                       <li><?= html_action_form($base_uri . 'disown/', 
"do_Disown", __('Disown Package')) ?></li>
-                       <?php endif; ?>
+                       <li><?= html_action_form($base_uri . 'disown/', 
"do_Disown", __('Disown Package'), $uid) ?></li>
                        <?php endif; ?>
                </ul>
        </div>
-- 
2.4.4

[aur-dev] [PATCH v2] Fake pkgbase actions for unconfirmed users

Reply via email to