From bb5c21dcd0cf9ebb25c3dbbaf7094f55cda08466 Mon Sep 17 00:00:00 2001 From: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de> Date: Thu, 29 Aug 2024 14:15:42 +0000 Subject: [PATCH] don't allow deletion of specific page versions, fixes #4486 Closes #4486 Merge request studip/studip!3339 --- app/controllers/course/wiki.php | 29 ++++++++++++----------------- app/views/course/wiki/history.php | 20 -------------------- 2 files changed, 12 insertions(+), 37 deletions(-) diff --git a/app/controllers/course/wiki.php b/app/controllers/course/wiki.php index 6bfa0ce6f0c..cf87b081a80 100644 --- a/app/controllers/course/wiki.php +++ b/app/controllers/course/wiki.php @@ -308,29 +308,24 @@ class Course_WikiController extends AuthenticatedController $this->redirect($this->allpagesURL()); } - public function deleteversion_action(WikiPage $page, $version_id = null) + public function deleteversion_action(WikiPage $page) { if (!Request::isPost() || !$page->isEditable() || !CSRFProtection::verifyRequest()) { throw new AccessDeniedException(); } - if ($version_id === null) { - $version = $page->versions[0]; - if ($version) { - $page['name'] = $version['name']; - $page['content'] = $version['content']; - $page['user_id'] = $version['user_id']; - $page['chdate'] = $version['mkdate']; - $page->store(); - $version->delete(); - } else { - $page->delete(); - } + + $version = $page->versions[0]; + if ($version) { + $page['name'] = $version['name']; + $page['content'] = $version['content']; + $page['user_id'] = $version['user_id']; + $page['chdate'] = $version['mkdate']; + $page->store(); + $version->delete(); } else { - $version = WikiVersion::find($version_id); - if ($version['page_id'] === $page->id) { - $version->delete(); - } + $page->delete(); } + PageLayout::postSuccess(_('Version wurde gelöscht.')); if (Request::get('redirect_to') === 'page') { $this->redirect($this->page($page)); 
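Review bot: The `else` branch still deletes the whole page when `$page->versions[0]` is empty, while the guard at the top only requires `$page->isEditable()`, so edit rights alone are enough to remove a page through this action. If the regular page-delete action (the context lines just above look like its tail) applies a stricter check, this branch should apply the same one, and a comment such as `// no earlier version left: this removes the whole page` would make the escalation visible. In that branch the user is still told `Version wurde gelöscht.` and, with `redirect_to=page`, is sent to `$this->page($page)` for a page that no longer exists. The result of `$page->store()` is also ignored before `$version->delete()` runs, so if the store fails the previous content is lost; assuming `store()` reports failure through its return value, the delete should be conditional on it. The method body continues past the end of the hunk.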
diff --git a/app/views/course/wiki/history.php b/app/views/course/wiki/history.php
index cbd324d9817..81fde594c85 100644
--- a/app/views/course/wiki/history.php
+++ b/app/views/course/wiki/history.php
@@ -45,16 +45,6 @@
 <a href="<?= $controller->versiondiff($page) ?>" data-dialog>
 <?= Icon::create('log')->asImg(['class' => 'text-bottom']) ?>
 </a>
- <? if ($page->isEditable()) : ?>
- <form action="<?= $controller->deleteversion($page) ?>"
- method="post"
- class="inline"
- title="<?= _('Version löschen') ?>"
- data-confirm="<?= _('Wirklich diese Version löschen?') ?>">
- <?= CSRFProtection::tokenTag() ?>
- <?= Icon::create('trash')->asInput() ?>
- </form>
- <? endif ?>
 </td>
 </tr>
 <? foreach ($page->versions as $i => $version) : ?>
@@ -79,16 +69,6 @@
 <a href="<?= $controller->versiondiff($page, $version->id) ?>" data-dialog>
 <?= Icon::create('log')->asImg(['class' => 'text-bottom']) ?>
 </a>
- <? if ($page->isEditable()) : ?>
- <form action="<?= $controller->deleteversion($page, $version->id) ?>"
- method="post"
- class="inline"
- title="<?= _('Version löschen') ?>"
- data-confirm="<?= _('Wirklich diese Version löschen?') ?>">
- <?= CSRFProtection::tokenTag() ?>
- <?= Icon::create('trash')->asInput() ?>
- </form>
- <? endif ?>
 </td>
 </tr>
 <? endforeach ?>
-- GitLab