From: Gordian Edenhofer <[email protected]> Displaying flag, notify, vote, adopt and file request links for users which did not authenticate themselves and letting those fake buttons link to the login page.
Signed-off-by: Gordian Edenhofer <[email protected]> Signed-off-by: Lukas Fleischer <[email protected]> --- Accidentally submitted an old version of the v5 patch. This one actually does what the v5 changelog says. web/lib/aur.inc.php | 28 +++++++++++++++++++--------- web/template/pkgbase_actions.php | 2 -- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 95f72ce..7a455c6 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -230,7 +230,12 @@ function html_format_maintainers($maintainer, $comaintainers) { * @return string The generated HTML code for the action link */ function html_action_link($uri, $desc) { - $code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">'; + if (isset($_COOKIE["AURSID"])) { + $code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">'; + } else { + $code = '<a href="' . get_uri('/login/', true) . '?referer='; + $code .= urlencode(rtrim(aur_location(), '/') . $uri) . '">'; + } $code .= htmlspecialchars($desc) . '</a>'; return $code; @@ -246,14 +251,19 @@ function html_action_link($uri, $desc) { * @return string The generated HTML code for the action link */ function html_action_form($uri, $action, $desc) { - $code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" '; - $code .= 'method="post">'; - $code .= '<input type="hidden" name="token" value="'; - $code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />'; - $code .= '<input type="submit" class="button text-button" name="'; - $code .= htmlspecialchars($action, ENT_QUOTES) . '" '; - $code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />'; - $code .= '</form>'; + if (isset($_COOKIE["AURSID"])) { + $code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" '; + $code .= 'method="post">'; + $code .= '<input type="hidden" name="token" value="'; + $code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />'; + $code .= '<input type="submit" class="button text-button" name="'; + $code .= htmlspecialchars($action, ENT_QUOTES) . '" '; + $code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />'; + $code .= '</form>'; + } else { + $code = '<a href="' . get_uri('/login/', true) . '">'; + $code .= htmlspecialchars($desc) . '</a>'; + } return $code; } diff --git a/web/template/pkgbase_actions.php b/web/template/pkgbase_actions.php index 757b063..61ad18f 100644 --- a/web/template/pkgbase_actions.php +++ b/web/template/pkgbase_actions.php @@ -9,7 +9,6 @@ <li><a href="<?= $snapshot_uri ?>"><?= __('Download snapshot') ?></a> <li><a href="https://wiki.archlinux.org/index.php/Special:Search?search=<?= urlencode($row['Name']) ?>"><?= __('Search wiki') ?></a></li> <li><span class="flagged"><?php if ($row["OutOfDateTS"] !== NULL) { echo __('Flagged out-of-date')." (${out_of_date_time})"; } ?></span></li> - <?php if ($uid): ?> <?php if ($row["OutOfDateTS"] === NULL): ?> <li><?= html_action_form($base_uri . 'flag/', "do_Flag", __('Flag package out-of-date')) ?></li> <?php elseif (($row["OutOfDateTS"] !== NULL) && has_credential(CRED_PKGBASE_UNFLAG, $maintainers)): ?> @@ -45,7 +44,6 @@ <?php elseif (has_credential(CRED_PKGBASE_DISOWN, array($row["MaintainerUID"]))): ?> <li><?= html_action_form($base_uri . 'disown/', "do_Disown", __('Disown Package')) ?></li> <?php endif; ?> - <?php endif; ?> </ul> </div> </div> -- 2.4.4
