external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move package deletion to a separate page

Browse source 
Package actions now have a separate box on the package details page. Make
a package deletion link in that box.

Link leads to a new page (pkgdel.php) that can be used to confirm package
deletion. A separate page with confirmation is used to avoid CSRFs.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
canyonknight 2012-09-27 17:02:11 -04:00 committed by Lukas Fleischer
parent d56a88897b
commit 00cffd7ddb
3 changed files with 50 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
web/html/index.php
View file

@ -43,6 +43,9 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
case "unflag": case "unflag":
$_POST['do_UnFlag'] = __('UnFlag'); $_POST['do_UnFlag'] = __('UnFlag');
break; break;
case "delete":
include('pkgdel.php');
return;
} }
if (isset($_COOKIE['AURSID'])) { if (isset($_COOKIE['AURSID'])) {

44
web/html/pkgdel.php Normal file
View file

@ -0,0 +1,44 @@
<?php
set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
include_once("aur.inc.php");
include_once("pkgfuncs.inc.php");
set_lang();
check_sid();
html_header(__("Package Deletion"));
$atype = "";
if (isset($_COOKIE["AURSID"])) {
$atype = account_from_sid($_COOKIE["AURSID"]);
}
if ($atype == "Trusted User" || $atype == "Developer"): ?>
<div class="box">
<h2><?= __('Delete Package: %s', htmlspecialchars($pkgname)) ?></h2>
<p>
<?= __('Use this form to delete the package (%s%s%s) from the AUR. ',
'<strong>', htmlspecialchars($pkgname), '</strong>'); ?>
<?= __('Deletion of a package is permanent. '); ?>
<?= __('Select the checkbox to confirm action.') ?>
</p>
<form action="<?= get_uri('/packages/'); ?>" method="post">
<fieldset>
<input type="hidden" name="IDs[<?= $pkgid ?>]" value="1" />
<input type="hidden" name="ID" value="<?= $pkgid ?>" />
<input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
<p><input type="checkbox" name="confirm_Delete" value="1" />
<?= __("Confirm package deletion") ?></p>
<p><input type="submit" class="button" name="do_Delete" value="<?= __("Delete") ?>" /></p>
</fieldset>
</form>
</div>
<?php else:
print __("Only Trusted Users and Developers can delete packages.");
endif;
html_footer(AUR_VERSION);

3
web/template/pkg_details.php
View file

@ -54,6 +54,9 @@ $sources = package_sources($row["ID"]);
<?php else: ?> <?php else: ?>
<li><a href="<?= get_pkg_uri($row['Name']) . 'notify/'; ?>"><?= __('Notify of new comments'); ?></a></li> <li><a href="<?= get_pkg_uri($row['Name']) . 'notify/'; ?>"><?= __('Notify of new comments'); ?></a></li>
<?php endif; ?> <?php endif; ?>
<?php if ($atype == "Trusted User" || $atype == "Developer"): ?>
<li><a href="<?= get_pkg_uri($row['Name']) . 'delete/'; ?>"><?= __('Delete Package'); ?></a></li>
<?php endif; ?>
<?php endif; ?> <?php endif; ?>
</ul> </ul>
<?php if ($uid): ?> <?php if ($uid): ?>