-rw-r--r-- | web/html/commentedit.php | 21 | ||||
-rw-r--r-- | web/html/css/aurweb.css | 13 | ||||
-rw-r--r-- | web/html/images/pencil.min.svg | 3 | ||||
-rw-r--r-- | web/html/images/pencil.svg | 55 | ||||
-rw-r--r-- | web/html/index.php | 4 | ||||
-rw-r--r-- | web/html/pkgbase.php | 4 | ||||
-rw-r--r-- | web/lib/aur.inc.php | 19 | ||||
-rw-r--r-- | web/lib/credentials.inc.php | 2 | ||||
-rw-r--r-- | web/lib/pkgfuncs.inc.php | 14 | ||||
-rw-r--r-- | web/template/pkg_comment_form.php | 10 | ||||
-rw-r--r-- | web/template/pkg_comments.php | 3 |
11 files changed, 139 insertions, 9 deletions
diff --git a/web/html/commentedit.php b/web/html/commentedit.php new file mode 100644 index 0000000..83d86dd --- /dev/null +++ b/web/html/commentedit.php @@ -0,0 +1,21 @@ +<?php + +set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); + +include_once("aur.inc.php"); +include_once("pkgbasefuncs.inc.php"); + +set_lang(); +check_sid(); + +$comment_id = intval($_REQUEST['comment_id']); +list($user_id, $comment) = comment_by_id($comment_id); + +if (!isset($base_id) || !has_credential(CRED_COMMENT_EDIT, array($user_id)) || is_null($comment)) { + header('Location: /'); + exit(); +} + +html_header(__("Edit comment")); +include('pkg_comment_form.php'); +html_footer(AURWEB_VERSION); diff --git a/web/html/css/aurweb.css b/web/html/css/aurweb.css index adc02bb..b5ca1f3 100644 --- a/web/html/css/aurweb.css +++ b/web/html/css/aurweb.css @@ -96,17 +96,24 @@ color: #999; } -.delete-comment-form { +.delete-comment-form, .edit-comment { float: right; + margin-left: 8px; } -.delete-comment { +.edit-comment { + height: 11px; + position: relative; + top: 1px; +} + +.delete-comment, .edit-comment { -webkit-filter: grayscale(100%); filter: grayscale(100%); opacity: 0.6; } -.delete-comment:hover { +.delete-comment:hover, .edit-comment:hover { -webkit-filter: none; filter: none; opacity: 1; diff --git a/web/html/images/pencil.min.svg b/web/html/images/pencil.min.svg new file mode 100644 index 0000000..06125ae --- /dev/null +++ b/web/html/images/pencil.min.svg @@ -0,0 +1,3 @@ +<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="8" width="8" version="1.1" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" viewBox="0 0 8 8"> +<path fill="#36a" d="m6 0l-1 1 2 2 1-1-2-2zm-2 2l-4 4v2h2l4-4-2-2z"/> +</svg> diff --git a/web/html/images/pencil.svg b/web/html/images/pencil.svg new file mode 100644 index 0000000..91f0899 --- /dev/null +++ b/web/html/images/pencil.svg 
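Review bot: The access check in commentedit.php rests only on `has_credential(CRED_COMMENT_EDIT, array($user_id))` and on the comment existing; it does not verify that the comment belongs to the package base in `$base_id` or that it has not been deleted. The deleted-state test (`!$row['DelUsersID']`) appears only around the edit link in pkg_comments.php, which decides what is displayed rather than what is allowed, and `comment_by_id()` selects by `ID` alone. Consider having the lookup also return the comment's package base and `DelUsersID` so this page can redirect when either does not match, and apply the same check in whatever handler processes `do_EditComment`, which is not part of this diff. `$_REQUEST['comment_id']` is also read without an `isset()` guard, so a request without the parameter raises an undefined-index notice before the redirect.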
@@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<svg + xmlns:dc="http://purl.org/dc/elements/1.1/" + xmlns:cc="http://creativecommons.org/ns#" + xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" + xmlns:svg="http://www.w3.org/2000/svg" + xmlns="http://www.w3.org/2000/svg" + xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" + xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" + width="8" + height="8" + viewBox="0 0 8 8" + id="svg2" + version="1.1" + inkscape:version="0.91 r13725" + sodipodi:docname="pencil-arch.svg"> + <metadata + id="metadata10"> + <rdf:RDF> + <cc:Work + rdf:about=""> + <dc:format>image/svg+xml</dc:format> + <dc:type + rdf:resource="http://purl.org/dc/dcmitype/StillImage" /> + <dc:title></dc:title> + </cc:Work> + </rdf:RDF> + </metadata> + <defs + id="defs8" /> + <sodipodi:namedview + pagecolor="#ffffff" + bordercolor="#666666" + borderopacity="1" + objecttolerance="10" + gridtolerance="10" + guidetolerance="10" + inkscape:pageopacity="0" + inkscape:pageshadow="2" + inkscape:window-width="659" + inkscape:window-height="480" + id="namedview6" + showgrid="false" + inkscape:zoom="29.5" + inkscape:cx="4" + inkscape:cy="4" + inkscape:window-x="0" + inkscape:window-y="0" + inkscape:window-maximized="0" + inkscape:current-layer="svg2" /> + <path + d="M6 0l-1 1 2 2 1-1-2-2zm-2 2l-4 4v2h2l4-4-2-2z" + id="path4" + style="fill:#3366aa;fill-opacity:1" /> +</svg> diff --git a/web/html/index.php b/web/html/index.php index 2d5f2a9..175a533 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -89,6 +89,9 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { case "comaintainers": include('comaintainers.php'); return; + case "edit-comment": + include('commentedit.php'); + return; default: header("HTTP/1.0 404 Not Found"); include "./404.php"; 
@@ -174,6 +177,7 @@ if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { readfile("./$path"); break; case "/images/x.min.svg": + case "/images/pencil.min.svg": header("Content-Type: image/svg+xml"); readfile("./$path"); break; diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php index 5179d0c..f908029 100644 --- a/web/html/pkgbase.php +++ b/web/html/pkgbase.php @@ -104,9 +104,7 @@ if (check_token()) { list($ret, $output) = pkgreq_close($_POST['reqid'], $_POST['reason'], $_POST['comments']); } elseif (current_action("do_EditComaintainers")) { list($ret, $output) = pkgbase_set_comaintainers($base_id, explode("\n", $_POST['users'])); - } - - if (isset($_REQUEST['comment'])) { + } elseif (current_action("do_AddComment")) { $uid = uid_from_sid($_COOKIE["AURSID"]); pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']); $ret = true; diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index b410db5..9997535 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -577,6 +577,25 @@ function salted_hash($passwd, $salt) { } /** + * Get a package comment + * + * @param int $comment_id The ID of the comment + * + * @return array The user ID and comment OR null, null in case of an error + */ +function comment_by_id($comment_id) { + $dbh = DB::connect(); + $q = "SELECT UsersID, Comments FROM PackageComments "; + $q.= "WHERE ID = " . intval($comment_id); + $result = $dbh->query($q); + if (!$result) { + return array(null, null); + } + + return $result->fetch(PDO::FETCH_NUM); +} + +/** * Process submitted comments so any links can be followed * * @param string $comment Raw user submitted package comment diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php index cf1fcca..648d78c 100644 --- a/web/lib/credentials.inc.php +++ b/web/lib/credentials.inc.php 
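Review bot: Replacing `if (isset($_REQUEST['comment']))` with `elseif (current_action("do_AddComment"))` in pkgbase.php drops the only presence check on the comment field, so a POST carrying that action without a `comment` value now reaches `pkgbase_add_comment()` with an undefined index. Keeping the guard in the condition, e.g. `} elseif (current_action("do_AddComment") && isset($_REQUEST['comment'])) {`, preserves the old behaviour; whether `pkgbase_add_comment()` rejects missing input itself cannot be seen from this hunk. The form template in this commit also submits `do_EditComment`, and no branch for it is visible here, so the edit form presumably has no effect until a handler is added. The enclosing `if (check_token())` block starts and ends outside the hunk.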
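Review bot: `comment_by_id()` in aur.inc.php documents its failure result as `null, null`, but `PDOStatement::fetch()` returns `false` when no row matches, and that value is returned as-is for an unknown ID. The caller in commentedit.php only works because destructuring `false` with `list()` yields nulls; returning the documented shape explicitly is safer, e.g. `$row = $result->fetch(PDO::FETCH_NUM);` followed by `return $row ? $row : array(null, null);`. The `intval()` cast keeps the concatenated query free of injection, though a prepared statement would make that independent of the cast.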
@@ -7,6 +7,7 @@ define("CRED_ACCOUNT_LAST_LOGIN", 4); define("CRED_ACCOUNT_SEARCH", 5); define("CRED_COMMENT_DELETE", 6); define("CRED_COMMENT_VIEW_DELETED", 22); +define("CRED_COMMENT_EDIT", 25); define("CRED_PKGBASE_ADOPT", 7); define("CRED_PKGBASE_SET_KEYWORDS", 8); define("CRED_PKGBASE_DELETE", 9); @@ -58,6 +59,7 @@ function has_credential($credential, $approved_users=array()) { case CRED_ACCOUNT_SEARCH: case CRED_COMMENT_DELETE: case CRED_COMMENT_VIEW_DELETED: + case CRED_COMMENT_EDIT: case CRED_PKGBASE_ADOPT: case CRED_PKGBASE_SET_KEYWORDS: case CRED_PKGBASE_DELETE: diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 110290b..7cb2ffc 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -43,6 +43,20 @@ function can_delete_comment_array($comment) { } /** + * Determine if the user can edit a specific package comment using an array + * + * Only the comment submitter, Trusted Users, and Developers can edit + * comments. This function is used for the frontend side of comment editing. + * + * @param array $comment All database information relating a specific comment + * + * @return bool True if the user can edit the comment, otherwise false + */ +function can_edit_comment_array($comment) { + return has_credential(CRED_COMMENT_EDIT, array($comment['UsersID'])); +} + +/** * Check to see if the package name already exists in the database * * @param string $name The package name to check diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php index 8a74dc1..16a92b1 100644 --- a/web/template/pkg_comment_form.php +++ b/web/template/pkg_comment_form.php @@ -1,5 +1,5 @@ <div id="generic-form" class="box"> - <h2><?= __("Add Comment"); ?></h2> + <h2><?= (isset($comment_id)) ? __('Edit comment for: %s', htmlspecialchars($pkgbase_name)) : __("Add Comment"); ?></h2> <form action="<?= get_pkgbase_uri($pkgbase_name) ?>" method="post"> <fieldset> <?php 
@@ -8,14 +8,18 @@ if (isset($_REQUEST['comment']) && check_token()) { } ?> <div> + <input type="hidden" name="action" value="<?= (isset($comment_id)) ? "do_EditComment" : "do_AddComment" ?>" /> <input type="hidden" name="ID" value="<?= intval($base_id) ?>" /> + <?php if (isset($comment_id)): ?> + <input type="hidden" name="comment_id" value="<?= $comment_id ?>" /> + <?php endif; ?> <input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" /> </div> <p> - <textarea id="id_comment" name="comment" cols="80" rows="10"></textarea> + <textarea id="id_comment" name="comment" cols="80" rows="10"><?= (isset($comment_id)) ? htmlspecialchars($comment) : "" ?></textarea> </p> <p> - <input type="submit" value="<?= __("Add Comment") ?>" /> + <input type="submit" value="<?= (isset($comment_id)) ? __("Save") : __("Add Comment") ?>" /> </p> </fieldset> </form> diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php index 03a6581..6cc9555 100644 --- a/web/template/pkg_comments.php +++ b/web/template/pkg_comments.php @@ -39,6 +39,9 @@ $count = pkgbase_comments_count($base_id, $include_deleted); </fieldset> </form> <?php endif; ?> + <?php if (!$row['DelUsersID'] && can_edit_comment_array($row)): ?> + <a href="<?= htmlspecialchars(get_pkgbase_uri($pkgbase_name) . 'edit-comment/?comment_id=' . $row['ID'], ENT_QUOTES) ?>" class="edit-comment" title="<?= __('Edit comment') ?>"><img src="/images/pencil.min.svg" alt="<?= __('Edit comment') ?>" width="11" height="11"></a> + <?php endif; ?> </h4> <div class="article-content<?php if ($row['DelUsersID']): ?> comment-deleted<?php endif; ?>"> <p> |
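Review bot: The new hidden field in pkg_comment_form.php prints `$comment_id` unescaped (`value="<?= $comment_id ?>"`) while the neighbouring `ID` field is emitted through `intval($base_id)`. commentedit.php does cast the value before including this template, but the template is shared with the add-comment path and should not depend on every includer doing so; `value="<?= intval($comment_id) ?>"` makes the output safe at the point of use. The same applies to using `isset($comment_id)` as the edit-mode switch: an includer that happens to have a `$comment_id` variable in scope would render the edit form, so a dedicated flag would be clearer.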