Fake pkgbase actions for unconfirmed users

Display flag, notify, vote, adopt and file request links for
users who have not authenticated, and let those fake
buttons link to the login page.

Signed-off-by: Gordian Edenhofer <gordian.edenhofer@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Gordian Edenhofer 2015-06-26 21:03:17 +02:00 committed by Lukas Fleischer
parent b036b436aa
commit 8bd03adb61
2 changed files with 19 additions and 11 deletions


@ -230,7 +230,12 @@ function html_format_maintainers($maintainer, $comaintainers) {
* @return string The generated HTML code for the action link * @return string The generated HTML code for the action link
*/ */
function html_action_link($uri, $desc) { function html_action_link($uri, $desc) {
if (isset($_COOKIE["AURSID"])) {
$code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">'; $code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
} else {
$code = '<a href="' . get_uri('/login/', true) . '?referer=';
$code .= urlencode(rtrim(aur_location(), '/') . $uri) . '">';
}
$code .= htmlspecialchars($desc) . '</a>'; $code .= htmlspecialchars($desc) . '</a>';
return $code; return $code;
@ -246,6 +251,7 @@ function html_action_link($uri, $desc) {
* @return string The generated HTML code for the action link * @return string The generated HTML code for the action link
*/ */
function html_action_form($uri, $action, $desc) { function html_action_form($uri, $action, $desc) {
if (isset($_COOKIE["AURSID"])) {
$code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" '; $code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" ';
$code .= 'method="post">'; $code .= 'method="post">';
$code .= '<input type="hidden" name="token" value="'; $code .= '<input type="hidden" name="token" value="';
@ -254,6 +260,10 @@ function html_action_form($uri, $action, $desc) {
$code .= htmlspecialchars($action, ENT_QUOTES) . '" '; $code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
$code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />'; $code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />';
$code .= '</form>'; $code .= '</form>';
} else {
$code = '<a href="' . get_uri('/login/', true) . '">';
$code .= htmlspecialchars($desc) . '</a>';
}
return $code; return $code;
} }
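Review bot: Both helpers choose between the real control and the login link with `isset($_COOKIE["AURSID"])`, which tests only that the cookie is present, not that it names a live session, so a visitor with an expired or arbitrary AURSID value still gets the POST form from html_action_form. That makes the check presentation only, and a comment should say so: `/* Cookie presence only selects the markup; the target page must still verify the session and token. */`. In the anonymous branches of html_action_link and html_action_form, `get_uri('/login/', true)` is concatenated into the href without `htmlspecialchars(..., ENT_QUOTES)`, unlike `$uri` in the logged-in branch; wrapping it would keep the escaping uniform. The `referer` value built from `aur_location()` is an absolute URL, so the login page (not shown) should accept it only when it points back to the site's own location. html_action_form's body is only partly visible in these hunks.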


@ -9,7 +9,6 @@
<li><a href="<?= $snapshot_uri ?>"><?= __('Download snapshot') ?></a> <li><a href="<?= $snapshot_uri ?>"><?= __('Download snapshot') ?></a>
<li><a href="https://wiki.archlinux.org/index.php/Special:Search?search=<?= urlencode($row['Name']) ?>"><?= __('Search wiki') ?></a></li> <li><a href="https://wiki.archlinux.org/index.php/Special:Search?search=<?= urlencode($row['Name']) ?>"><?= __('Search wiki') ?></a></li>
<li><span class="flagged"><?php if ($row["OutOfDateTS"] !== NULL) { echo __('Flagged out-of-date')." (${out_of_date_time})"; } ?></span></li> <li><span class="flagged"><?php if ($row["OutOfDateTS"] !== NULL) { echo __('Flagged out-of-date')." (${out_of_date_time})"; } ?></span></li>
<?php if ($uid): ?>
<?php if ($row["OutOfDateTS"] === NULL): ?> <?php if ($row["OutOfDateTS"] === NULL): ?>
<li><?= html_action_form($base_uri . 'flag/', "do_Flag", __('Flag package out-of-date')) ?></li> <li><?= html_action_form($base_uri . 'flag/', "do_Flag", __('Flag package out-of-date')) ?></li>
<?php elseif (($row["OutOfDateTS"] !== NULL) && has_credential(CRED_PKGBASE_UNFLAG, $maintainers)): ?> <?php elseif (($row["OutOfDateTS"] !== NULL) && has_credential(CRED_PKGBASE_UNFLAG, $maintainers)): ?>
@ -45,7 +44,6 @@
<?php elseif (has_credential(CRED_PKGBASE_DISOWN, array($row["MaintainerUID"]))): ?> <?php elseif (has_credential(CRED_PKGBASE_DISOWN, array($row["MaintainerUID"]))): ?>
<li><?= html_action_form($base_uri . 'disown/', "do_Disown", __('Disown Package')) ?></li> <li><?= html_action_form($base_uri . 'disown/', "do_Disown", __('Disown Package')) ?></li>
<?php endif; ?> <?php endif; ?>
<?php endif; ?>
</ul> </ul>
</div> </div>
</div> </div>
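Review bot: With the outer `<?php if ($uid): ?>` guard removed, every `has_credential(...)` branch in this list is now evaluated for visitors with no login, so the template depends on has_credential() returning false when there is no session; that is not visible here and is worth confirming for `has_credential(CRED_PKGBASE_UNFLAG, $maintainers)` and `has_credential(CRED_PKGBASE_DISOWN, array($row["MaintainerUID"]))`. The gate has also changed in kind: the template used the resolved `$uid`, while html_action_form and html_action_link in this commit test only for the AURSID cookie. A short comment above the list, `<?php /* Shown to everyone; anonymous visitors get login links from html_action_form()/html_action_link() */ ?>`, would record why the guard is gone. The lines between the two hunks are not shown.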