Fake pkgbase actions for unconfirmed users

Displaying flag, notify, vote, adopt and file request links for users which did not authenticate themselves and letting those fake buttons link to the login page. Signed-off-by: Gordian Edenhofer <gordian.edenhofer@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

Fake pkgbase actions for unconfirmed users
Displaying flag, notify, vote, adopt and file request links for users which did not authenticate themselves and letting those fake buttons link to the login page. Signed-off-by: Gordian Edenhofer <gordian.edenhofer@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
8bd03adb · Gordian Edenhofer · Lukas Fleischer · b036b436 · 8bd03adb · 8bd03adb
Commit 8bd03adb authored Jun 26, 2015 by Gordian Edenhofer Committed by Lukas Fleischer Jun 27, 2015
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -230,7 +230,12 @@ function html_format_maintainers($maintainer, $comaintainers) {
 * @return string The generated HTML code for the action link
 */
 function html_action_link($uri, $desc) {
-	$code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
+	if (isset($_COOKIE["AURSID"])) {
+		$code = '<a href="' . htmlspecialchars($uri, ENT_QUOTES) . '">';
+	} else {
+		$code = '<a href="' . get_uri('/login/', true) . '?referer=';
+		$code .= urlencode(rtrim(aur_location(), '/') . $uri) . '">';
+	}
 	$code .= htmlspecialchars($desc) . '</a>';

 	return $code;
@@ -246,14 +251,19 @@ function html_action_link($uri, $desc) {
 * @return string The generated HTML code for the action link
 */
 function html_action_form($uri, $action, $desc) {
-	$code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" ';
-	$code .= 'method="post">';
-	$code .= '<input type="hidden" name="token" value="';
-	$code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />';
-	$code .= '<input type="submit" class="button text-button" name="';
-	$code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
-	$code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />';
-	$code .= '</form>';
+	if (isset($_COOKIE["AURSID"])) {
+		$code = '<form action="' . htmlspecialchars($uri, ENT_QUOTES) . '" ';
+		$code .= 'method="post">';
+		$code .= '<input type="hidden" name="token" value="';
+		$code .= htmlspecialchars($_COOKIE['AURSID'], ENT_QUOTES) . '" />';
+		$code .= '<input type="submit" class="button text-button" name="';
+		$code .= htmlspecialchars($action, ENT_QUOTES) . '" ';
+		$code .= 'value="' . htmlspecialchars($desc, ENT_QUOTES) . '" />';
+		$code .= '</form>';
+	} else {
+		$code = '<a href="' . get_uri('/login/', true) . '">';
+		$code .= htmlspecialchars($desc) . '</a>';
+	}

 	return $code;
 }

--- a/web/template/pkgbase_actions.php
+++ b/web/template/pkgbase_actions.php
@@ -9,7 +9,6 @@
 			<li><a href="<?= $snapshot_uri ?>"><?= __('Download snapshot') ?></a>
 			<li><a href="https://wiki.archlinux.org/index.php/Special:Search?search=<?= urlencode($row['Name']) ?>"><?= __('Search wiki') ?></a></li>
 			<li><span class="flagged"><?php if ($row["OutOfDateTS"] !== NULL) { echo __('Flagged out-of-date')." (${out_of_date_time})"; } ?></span></li>
-			<?php if ($uid): ?>
 			<?php if ($row["OutOfDateTS"] === NULL): ?>
 			<li><?= html_action_form($base_uri . 'flag/', "do_Flag", __('Flag package out-of-date')) ?></li>
 			<?php elseif (($row["OutOfDateTS"] !== NULL) && has_credential(CRED_PKGBASE_UNFLAG, $maintainers)): ?>
@@ -45,7 +44,6 @@
 			<?php elseif (has_credential(CRED_PKGBASE_DISOWN, array($row["MaintainerUID"]))): ?>
 			<li><?= html_action_form($base_uri . 'disown/', "do_Disown", __('Disown Package')) ?></li>
 			<?php endif; ?>
-			<?php endif; ?>
 		</ul>
 	</div>
 </div>