From be82642eeaa38d4cf18cea351f1ada1898fa844e Mon Sep 17 00:00:00 2001
From: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>
Date: Tue, 11 Jul 2023 12:27:24 +0000
Subject: [PATCH] use asButton() instead of custom JS code, fixes #2830

Closes #2830

Merge request studip/studip!1916
---
 app/controllers/messages.php | 46 +++++++++++++++++-------------------
 1 file changed, 22 insertions(+), 24 deletions(-)

diff --git a/app/controllers/messages.php b/app/controllers/messages.php
index d633a723b80..417a721c94f 100644
--- a/app/controllers/messages.php
+++ b/app/controllers/messages.php
@@ -718,28 +718,26 @@ class MessagesController extends AuthenticatedController {
     /* delete all sent or received messages */
     public function purge_action($sndrec)
     {
-        if (Request::isPost()) {
-            CSRFProtection::verifyUnsafeRequest();
-
-            $query = "SELECT message_id
-                      FROM message_user
-                      WHERE snd_rec = :sndrec
-                        AND user_id = :id
-                        AND deleted != 1";
-            $returnedMessages = DBManager::get()->fetchFirst($query, [
-                'sndrec' => $sndrec,
-                'id' => $GLOBALS['user']->id,
-            ]);
-            foreach ($returnedMessages as $returnedMessage) {
-                $this->deleteMessage($returnedMessage, $sndrec);
-            }
-            if ($sndrec === 'rec') {
-                PageLayout::postSuccess(_('Alle empfangenen Nachrichten wurden gelöscht.'));
-                $this->redirect('messages/overview');
-            } else if ($sndrec === 'snd') {
-                PageLayout::postSuccess(_('Alle gesendeten Nachrichten wurden gelöscht.'));
-                $this->redirect('messages/sent');
-            }
+        CSRFProtection::verifyUnsafeRequest();
+
+        $query = "SELECT message_id
+                  FROM message_user
+                  WHERE snd_rec = :sndrec
+                    AND user_id = :id
+                    AND deleted != 1";
+        $returnedMessages = DBManager::get()->fetchFirst($query, [
+            'sndrec' => $sndrec,
+            'id' => $GLOBALS['user']->id,
+        ]);
+        foreach ($returnedMessages as $returnedMessage) {
+            $this->deleteMessage($returnedMessage, $sndrec);
+        }
+        if ($sndrec === 'rec') {
+            PageLayout::postSuccess(_('Alle empfangenen Nachrichten wurden gelöscht.'));
+            $this->redirect('messages/overview');
+        } else if ($sndrec === 'snd') {
+            PageLayout::postSuccess(_('Alle gesendeten Nachrichten wurden gelöscht.'));
+            $this->redirect('messages/sent');
         }
     }
 
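Review bot: `$sndrec` is never checked against the two values `purge_action` handles, so any other value passes the token check, runs the query and the delete loop with that value, and then falls off the end without a redirect or message because neither `'rec'` nor `'snd'` matches. Reject unknown values directly after `CSRFProtection::verifyUnsafeRequest();`, for example `if (!in_array($sndrec, ['rec', 'snd'], true)) { throw new InvalidArgumentException('unknown mailbox'); }`. Removing the `Request::isPost()` wrapper is only safe if `verifyUnsafeRequest()` itself refuses non-POST requests, which is not visible in this hunk. A short docblock stating that the action requires a POST with a valid CSRF token, and that it deletes every non-deleted message of the current user in the given mailbox, would make that contract explicit.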
@@ -1009,8 +1007,8 @@ class MessagesController extends AuthenticatedController {
                     _('Nachrichten im Posteingang löschen'),
                     $this->url_for('messages/purge/rec'),
                     Icon::create('trash'),
-                    ['onclick' => 'return STUDIP.Dialog.confirmAsPost("' . $message . '", this.href);']
-                );
+                    ['data-confirm' => $message]
+                )->asButton();
             }
         } elseif ($action === 'sent') {
             if (MessageUser::countBySQL("snd_rec = 'snd' AND user_id = :id AND deleted != 1 LIMIT 1", ['id' => $GLOBALS['user']->id])) {
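Review bot: Only the inbox link is converted here; the `sent` branch that starts on the last two lines of the hunk is cut off, and the diffstat (22 insertions, 24 deletions, all accounted for by the two hunks) shows that its purge link is not touched by this commit. Because `purge_action` now calls `CSRFProtection::verifyUnsafeRequest()` unconditionally, both links have to submit a POST that carries the token, so if the sent-messages link still builds its `onclick` handler by concatenating `$message` into a JavaScript string it should get the same `['data-confirm' => $message]` and `->asButton()` treatment. Moving `$message` from an inline script into an attribute removes the JavaScript quoting problem, but it relies on the link renderer HTML-escaping attribute values; that is worth confirming, since `$message` is defined outside the hunk.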
-- 
GitLab