From 060fecf5ec59202c5eaf3448f9723a81820d5735 Mon Sep 17 00:00:00 2001
From: Mike Cochrane
Date: Sun, 20 Jul 2008 08:45:52 -0400
Subject: [PATCH] Clean up delete code. Add missing htaccess rule. Exit after errors so the code doesn't continue running.
darcs-hash:20080720124552-533db-81be2c04445f146e477b1bb7e6e8e7d0eb27431d.gz
---
 actions/deletenotice.php | 91 ++++++++++++++++++++--------------------
 htaccess.sample | 1 +
 lib/deleteaction.php | 48 ++++++++++-----------
 3 files changed, 70 insertions(+), 70 deletions(-)
diff --git a/actions/deletenotice.php b/actions/deletenotice.php
index 06c1bf27ea..f2c040a5a9 100644
--- a/actions/deletenotice.php
+++ b/actions/deletenotice.php
@@ -28,65 +28,64 @@ class DeletenoticeAction extends DeleteAction {
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 $this->delete_notice();
- } else if ($_SERVER['REQUEST_METHOD'] == 'GET') {
- $this->show_form();
+ } else if ($_SERVER['REQUEST_METHOD'] == 'GET') {
+ $this->show_form();
 }
 }
- function get_instructions() {
- return _('You are about to permanently delete a notice. Once this is done, it cannot be undone.');
- }
+ function get_instructions() {
+ return _('You are about to permanently delete a notice. Once this is done, it cannot be undone.');
+ }
 function get_title() {
 return _('Delete notice');
 }
 function show_form($error=NULL) {
- $user = common_current_user();
+ $user = common_current_user();
- common_show_header($this->get_title(), array($this, 'show_header'), array($q, $error),
+ common_show_header($this->get_title(), array($this, 'show_header'), NULL,
 array($this, 'show_top'));
- common_element_start('form', array('id' => 'notice_delete_form',
- 'method' => 'post',
- 'action' => common_local_url('deletenotice')));
- common_hidden('notice', $this->trimmed(notice));
- common_element_start('p');
- common_element('span', array('id' => 'confirmation_text'),_('Are you sure you want to delete this notice?'));
+ common_element_start('form', array('id' => 'notice_delete_form',
+ 'method' => 'post',
+ 'action' => common_local_url('deletenotice')));
+ common_hidden('notice', $this->trimmed('notice'));
+ common_element_start('p');
+ common_element('span', array('id' => 'confirmation_text'), _('Are you sure you want to delete this notice?'));
- common_element('input', array('id' => 'submit_no',
- 'name' => 'submit',
- 'type' => 'submit',
- 'value' => _('No')));
- common_element('input', array('id' => 'submit_yes',
- 'name' => 'submit',
- 'type' => 'submit',
- 'value' => _('Yes')));
- common_element_end('p');
- common_element_end('form');
+ common_element('input', array('id' => 'submit_no',
+ 'name' => 'submit',
+ 'type' => 'submit',
+ 'value' => _('No')));
+ common_element('input', array('id' => 'submit_yes',
+ 'name' => 'submit',
+ 'type' => 'submit',
+ 'value' => _('Yes')));
+ common_element_end('p');
+ common_element_end('form');
 common_show_footer();
 }
- function delete_notice() {
- $url = common_get_returnto();
- $confirmed = $this->trimmed('submit');
- if ($confirmed == 'Yes') {
- $user = common_current_user();
- $notice_id = $this->trimmed('notice');
- $notice = Notice::staticGet($notice_id);
- $replies = new Reply;
- $replies->get('notice_id', $notice_id);
-
- common_dequeue_notice($notice);
- $replies->delete();
- $notice->delete();
- }
- else {
- if ($url) {
- common_set_returnto(NULL);
- } else {
- $url = common_local_url('public');
- }
- }
- common_redirect($url);
- }
+ function delete_notice() {
+ $url = common_get_returnto();
+ $confirmed = $this->trimmed('submit');
+ if ($confirmed == _('Yes')) {
+ $user = common_current_user();
+ $notice_id = $this->trimmed('notice');
+ $notice = Notice::staticGet($notice_id);
+ $replies = new Reply;
+ $replies->get('notice_id', $notice_id);
+
+ common_dequeue_notice($notice);
+ $replies->delete();
+ $notice->delete();
+ } else {
+ if ($url) {
+ common_set_returnto(NULL);
+ } else {
+ $url = common_local_url('public');
+ }
+ }
+ common_redirect($url);
+ }
 }
diff --git a/htaccess.sample b/htaccess.sample
index 7ec889bc1c..21c12f2eb5 100644
--- a/htaccess.sample
+++ b/htaccess.sample
@@ -41,6 +41,7 @@ RewriteRule ^search/notice/rss$ index.php?action=noticesearchrss [L,QSA]
 RewriteRule ^notice/new$ index.php?action=newnotice [L,QSA]
 RewriteRule ^notice/(\d+)$ index.php?action=shownotice¬ice=$1 [L,QSA]
+RewriteRule ^deletenotice/((\d+))?$ index.php?action=deletenotice¬ice=$2 [L,QSA]
 RewriteRule ^user/(\d+)$ index.php?action=userbyid&id=$1 [L,QSA]
diff --git a/lib/deleteaction.php b/lib/deleteaction.php
index 5d7a3245ae..5ba0e7e442 100644
--- a/lib/deleteaction.php
+++ b/lib/deleteaction.php
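Review bot: In actions/deletenotice.php, `delete_notice()` acts on any authenticated POST that carries `submit` and `notice`, and the form built in `show_form()` contains no per-session token, so nothing in the lines shown ties the request to a page this site rendered for the author. A hidden token field emitted next to `common_hidden('notice', ...)` and checked at the top of `delete_notice()` before anything is deleted would close that gap. Separately, the fallback `$url = common_local_url('public');` and the `common_set_returnto(NULL)` reset sit only in the `else` branch, so after a confirmed delete with no stored return-to, `common_redirect($url)` receives whatever empty value `common_get_returnto()` returned; that return-to handling likely belongs after the `if`, for both outcomes. `$user` is assigned in both `show_form()` and `delete_notice()` but not read in the lines shown.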
@@ -23,39 +23,39 @@ class DeleteAction extends Action {
 function handle($args) {
 parent::handle($args);
- $user = common_current_user();
- $notice_id = $this->trimmed('notice');
- $notice = Notice::staticGet($notice_id);
- $profile = $notice->getProfile();
- $user_profile = $user->getProfile();
-
- if (!common_logged_in()) {
- common_user_error(_('Not logged in.'));
- } else if ($notice->profile_id != $user_profile->id) {
- common_user_error(_('Can\'t delete this notice.'));
- }
+ $user = common_current_user();
+ $notice_id = $this->trimmed('notice');
+ $notice = Notice::staticGet($notice_id);
+ if (!$notice) {
+ common_user_error(_('No such notice.'));
+ exit;
+ }
+
+ $profile = $notice->getProfile();
+ $user_profile = $user->getProfile();
+
+ if (!common_logged_in()) {
+ common_user_error(_('Not logged in.'));
+ exit;
+ } else if ($notice->profile_id != $user_profile->id) {
+ common_user_error(_('Can\'t delete this notice.'));
+ exit;
+ }
 }
 function show_top($arr=NULL) {
- if ($arr) {
- $error = $arr[1];
- }
- if ($error) {
- common_element('p', 'error', $error);
- } else {
- $instr = $this->get_instructions();
- $output = common_markup_to_html($instr);
- common_element_start('div', 'instructions');
- common_raw($output);
- common_element_end('div');
- }
+ $instr = $this->get_instructions();
+ $output = common_markup_to_html($instr);
+ common_element_start('div', 'instructions');
+ common_raw($output);
+ common_element_end('div');
 }
 function get_title() {
 return NULL;
 }
- function show_header($arr) {
+ function show_header() {
 return;
 }
 }
--
2.39.5
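Review bot: In `handle()`, `$user->getProfile()` still runs before the `common_logged_in()` check, so if `common_current_user()` returns no user object for an anonymous request (likely, though its body is not shown here) the method call fails before the 'Not logged in.' error can be produced. Moving the guard `if (!common_logged_in()) { common_user_error(_('Not logged in.')); exit; }` to the top of `handle()`, ahead of `Notice::staticGet()`, fixes the ordering and also keeps unauthenticated requests from learning which notice ids exist through the 'No such notice.' response. `$profile` is assigned but never read in the lines shown and can be dropped. The ownership test `$notice->profile_id != $user_profile->id` uses a loose comparison; casting both ids to int and using `!==` would make the check explicit.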