From 293d64e12268e2829918fc0bc7cfbc06bb4de9f2 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Mon, 20 Oct 2014 21:55:36 -0500
Subject: [PATCH] [ticket/13189] Do not use confirm box for marking all
 notifications read

We already use a token for preventing CSRF when marking notifications read.
Making a user confirm the marking read action serves no real purpose. No
information will be lost by just marking the notifications read but it will
prevent users from always having to confirm this action.

PHPBB3-13189
---
 phpBB/includes/ucp/ucp_notifications.php | 42 +++++++++---------------
 tests/functional/notification_test.php   |  2 --
 2 files changed, 16 insertions(+), 28 deletions(-)

diff --git a/phpBB/includes/ucp/ucp_notifications.php b/phpBB/includes/ucp/ucp_notifications.php
index 5691302b83..b0aeaba227 100644
--- a/phpBB/includes/ucp/ucp_notifications.php
+++ b/phpBB/includes/ucp/ucp_notifications.php
@@ -95,35 +95,25 @@ class ucp_notifications
 			case 'notification_list':
 			default:
 				// Mark all items read
-				if ($request->variable('mark', '') == 'all' && (confirm_box(true) || check_link_hash($request->variable('token', ''), 'mark_all_notifications_read')))
+				if ($request->variable('mark', '') == 'all' && check_link_hash($request->variable('token', ''), 'mark_all_notifications_read'))
 				{
-					if (confirm_box(true))
+					$phpbb_notifications->mark_notifications_read(false, false, $user->data['user_id'], $form_time);
+
+					meta_refresh(3, $this->u_action);
+					$message = $user->lang['NOTIFICATIONS_MARK_ALL_READ_SUCCESS'];
+
+					if ($request->is_ajax())
 					{
-						$phpbb_notifications->mark_notifications_read(false, false, $user->data['user_id'], $form_time);
-
-						meta_refresh(3, $this->u_action);
-						$message = $user->lang['NOTIFICATIONS_MARK_ALL_READ_SUCCESS'];
-
-						if ($request->is_ajax())
-						{
-							$json_response = new \phpbb\json_response();
-							$json_response->send(array(
-								'MESSAGE_TITLE'	=> $user->lang['INFORMATION'],
-								'MESSAGE_TEXT'	=> $message,
-								'success'		=> true,
-							));
-						}
-						$message .= '<br /><br />' . $user->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');
-
-						trigger_error($message);
-					}
-					else
-					{
-						confirm_box(false, 'NOTIFICATIONS_MARK_ALL_READ', build_hidden_fields(array(
-							'mark'		=> 'all',
-							'form_time'	=> $form_time,
-						)));
+						$json_response = new \phpbb\json_response();
+						$json_response->send(array(
+							'MESSAGE_TITLE'	=> $user->lang['INFORMATION'],
+							'MESSAGE_TEXT'	=> $message,
+							'success'		=> true,
+						));
 					}
+					$message .= '<br /><br />' . $user->lang('RETURN_UCP', '<a href="' . $this->u_action . '">', '</a>');
+
+					trigger_error($message);
 				}
 
 				// Mark specific notifications read
diff --git a/tests/functional/notification_test.php b/tests/functional/notification_test.php
index 667d268b1e..ec03f7a6a4 100644
--- a/tests/functional/notification_test.php
+++ b/tests/functional/notification_test.php
@@ -82,8 +82,6 @@ class phpbb_functional_notification_test extends phpbb_functional_test_case
 		// Get form token
 		$link = $crawler->selectLink($this->lang('NOTIFICATIONS_MARK_ALL_READ'))->link()->getUri();
 		$crawler = self::request('GET', substr($link, strpos($link, 'ucp.')));
-		$form = $crawler->selectButton($this->lang('YES'))->form();
-		$crawler = self::submit($form);
 		$this->assertEquals(0, $crawler->filter('#notification_list_button strong')->text());
 	}
 }