Commit 752c5a6e authored by canyonknight's avatar canyonknight Committed by Lukas Fleischer
Browse files

Move package merging to a separate page

Package actions now have a separate box on the package details page. Add
a package merge link in that box.

Link leads to a new page (pkgmerge.php) that can be used to confirm package
merging. A separate page with confirmation is used to avoid CSRFs.

Signed-off-by: default avatarcanyonknight <>
Signed-off-by: default avatarLukas Fleischer <>
parent 00cffd7d
......@@ -46,6 +46,9 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
case "delete":
case "merge":
if (isset($_COOKIE['AURSID'])) {
set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
html_header(__("Package Merging"));
$atype = "";
if (isset($_COOKIE["AURSID"])) {
$atype = account_from_sid($_COOKIE["AURSID"]);
if ($atype == "Trusted User" || $atype == "Developer"): ?>
<div class="box">
<h2><?= __('Merge Package: %s', htmlspecialchars($pkgname)) ?></h2>
<?= __('Use this form to merge the package (%s%s%s) into another package. ',
'<strong>', htmlspecialchars($pkgname), '</strong>'); ?>
<?= __('Once the package has been merged it cannot be reversed. '); ?>
<?= __('Enter the package name you wish to merge the package into. '); ?>
<?= __('Select the checkbox to confirm action.') ?>
<form action="<?= get_uri('/packages/'); ?>" method="post">
<input type="hidden" name="IDs[<?= $pkgid ?>]" value="1" />
<input type="hidden" name="ID" value="<?= $pkgid ?>" />
<input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
<p><label for="merge_Into" ><?= __("Merge into:") ?></label>
<input type="text" id="merge_Into" name="merge_Into" /></p>
<p><input type="checkbox" name="confirm_Delete" value="1" />
<?= __("Confirm package merge") ?></p>
<p><input type="submit" class="button" name="do_Delete" value="<?= __("Merge") ?>" /></p>
<?php else:
print __("Only Trusted Users and Developers can merge packages.");
......@@ -56,6 +56,7 @@ $sources = package_sources($row["ID"]);
<?php endif; ?>
<?php if ($atype == "Trusted User" || $atype == "Developer"): ?>
<li><a href="<?= get_pkg_uri($row['Name']) . 'delete/'; ?>"><?= __('Delete Package'); ?></a></li>
<li><a href="<?= get_pkg_uri($row['Name']) . 'merge/'; ?>"><?= __('Merge Package'); ?></a></li>
<?php endif; ?>
<?php endif; ?>
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment