summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2015-09-16Show providers in dependenciesLukas Fleischer1-6/+59
For all "virtual provisions" in package dependencies, show links to the actual packages providing the dependency. This partly implements FS#14125. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-12Mitigate JSONP callback vulnerabilitiesLukas Fleischer1-2/+6
The callback parameter of the RPC interface currently allows for specifying a prefix of arbitrary length of the returned result. This can be exploited by certain attacks. As a countermeasure, this patch restricts the allowed character set for the callback name to letters, digits, underscores, parenthesis and dots. It also limits the length of the name to 128 characters. Furthermore, the reflected callback name is now always prepended with "/**/", which is a common workaround to protect against attacks such as Rosetta Flash. Fixes FS#46259. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-11Allow for logging in via email addressLukas Fleischer3-2/+17
Accept both user names and email addresses in the login prompt. Suggested-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-11Remove superfluous function valid_user()Lukas Fleischer2-27/+2
This helper function was almost 100% identical to uid_from_username(). Switch to using uid_from_username(), which has a much better name and implementation, everywhere. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-11Require comments when flagging packages out-of-dateLukas Fleischer6-12/+27
Implements FS#42827. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-11Move package base flagging to a separate formLukas Fleischer3-3/+47
Show a separate confirmation page when flagging a package out-of-date. Implements FS#44967. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-31Fix duplicate escaping of action linksLukas Fleischer1-7/+7
The __() helper function already escapes HTML special characters. Do not escape them again in html_action_*(). Fixes FS#45780. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-30Allow users to unflag packages they flagged themselvesLukas Fleischer5-5/+8
Sometimes, a user accidentally flags a package out-of-date. Allow users to unflag packages that they flagged themselves, thereby providing a way to undo these actions. Implements FS#46145. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-30Remember user ID when flagging package basesLukas Fleischer3-2/+12
Add a new FlaggerUID field to the database and use it to store the user ID of the account who recently flagged a package out-of-date. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-19updates_table.php: Fix identification of new packagesMarcel Korpel1-1/+1
Currently, package creation has to be done separately from first submission, so ModifiedTS will never be the same as SubmittedTS. Consider all packages that are submitted within an hour from package creation as new. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-19account_edit_form.php: Warn users to correctly enter their email addressMarcel Korpel1-0/+4
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-17Update link to package submission documentationStefan Auditor1-1/+1
Fixes FS#45942. Signed-off-by: Stefan Auditor <stefan.auditor@erdfisch.de> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-17Display sources count on package details pageStefan Auditor1-1/+1
Show item count on sources section just like it is done for dependencies and required by. Fixes FS#45881. Signed-off-by: Stefan Auditor <stefan.auditor@erdfisch.de> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-17Do not allow empty commentsMarcel Korpel2-2/+11
Fixes FS#45870. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-17Remove success message from comment formMarcel Korpel1-5/+0
To be more flexible with messages, we shouldn't always output this message when a comment has been sent. Moreover, currently it is not displayed due to the POST-Redirect-GET pattern, where the comment parameter is lost after redirection. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-16Remove trailing slash from git urlsStefan Auditor1-2/+2
Circumvents the temporary regression in git that clones a repository as foo-git.git instead of foo-git and matches the format used by other commonly used git hosting providers. Fixes FS#45834. Signed-off-by: Stefan Auditor <stefan.auditor@erdfisch.de> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-16Update translation documentationStefan Auditor1-3/+2
Update the link to the project page on Transifex and remove an outdated link to the Arch Wiki. Fixes FS#45966. Signed-off-by: Stefan Auditor <stefan.auditor@erdfisch.de> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-16Add a restore command to the SSH interfaceLukas Fleischer4-9/+33
Implement a new command that can be used to restore deleted package bases without having to push a new commit. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-14git-update: Add commentsLukas Fleischer1-0/+5
Add some comments to explain the major steps performed in the update hook. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-14git-update: Remove superfluous assignmentLukas Fleischer1-1/+0
The pkgbase variable already contains the package base name at this point, no need to reassign it. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-14git-update: Move blacklist reading further downLukas Fleischer1-3/+3
Since c4870a9 (git-update: Only check HEAD for blacklisted packages, 2015-06-04), only the HEAD commit package name is looked up in the blacklist. This means that we no longer need to read the blacklist before running the commit walker. Moving the blacklist reading code further down makes the code easier to read. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-11rpc: msearch: Give orphans on empty maintainer argumentJohannes Löthberg1-2/+6
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Document the Git/SSH interfaceLukas Fleischer1-0/+81
Add a document describing how the Git/SSH interface works internally. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Move documentation to a subdirectoryLukas Fleischer4-7/+12
Create a new subdirectory doc/ that contains documentation. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08aurjson.class.php: Add missing PHPDocLukas Fleischer1-0/+17
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08pkg_comments.php: Add JavaScript function to edit commentsMarcel Korpel4-0/+45
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08aurjson.class.php: Add method get_comment_form()Marcel Korpel1-1/+48
This method will be used by the JavaScript comment editing and produces a form containing the comment. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Split pkg_comment_form.php so the outer box is not always includedMarcel Korpel5-7/+7
For use in the new RPC interface to edit comments, the form shouldn't always print a header. Create a new template pkg_comment_box.php that prints form and box, change template pkg_comment_form.php to only print the form. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08pkg_comments.php: Merge two DIVs with same IDMarcel Korpel1-3/+1
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Do not use the term "unsupported" for AUR packagesLukas Fleischer6-9/+8
We no longer use the term [unsupported] to refer to the "repository" of AUR packages. Update texts and variable names accordingly. Fixes FS#45381. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Show popularity in package base detailsLukas Fleischer4-3/+13
Fixes FS#45600. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Set correct 'My Account' link after changing usernameMarcel Korpel3-26/+54
Don't print messages (and the account form) in process_account_form() anymore, but return them to the caller. When updating accounts, this function will be called before the headers are written. If a username has been changed by process_account_form(), the headers now show the updated username from the database in the 'My Account' link. Clicking on it immediately after changing a username will no longer lead to a non-existing URL. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Surround message with <p> tagsMarcel Korpel1-1/+1
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Use username from the database if one is provided by the userMarcel Korpel3-7/+9
This fixes a bug where the new user name input by the user was invalid, causing the account deletion link and the form action to be wrong. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Jump to latest comments after adding a commentMarcel Korpel1-0/+1
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Jump to comment after editingMarcel Korpel1-3/+7
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Add IDs to commentsMarcel Korpel1-1/+1
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Only autofocus search field on the package search pageMarcel Korpel1-1/+1
This needs to be disabled on package pages to be able to add a URL fragment after comment editing. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Show dateline when a comment is edited or deletedMarcel Korpel3-15/+37
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Support comment editing in the backendMarcel Korpel5-1/+73
Create two new actions, do_AddComment and do_EditComment. When editing or deleting a comment, a timestamp is added. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Add comment edit icon and formMarcel Korpel11-9/+139
Show an icon next to the comment deletion icon, which leads to a comment edit form. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Use SVG image for comment deletion iconMarcel Korpel6-17/+65
This also puts the icon to the right and the timestamp in the byline and wipes out a repeated instance of the byline. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Remove superfluous close tagsMarcel Korpel1-4/+4
These are already output by html_action_link. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Reindent web/html/packages with tabsJohannes Löthberg1-21/+21
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08notify: Reword notification emailsLukas Fleischer1-26/+52
* Use numbered references for links. * Reword some messages. * Fix a typo. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Port notification routines to PythonLukas Fleischer6-241/+298
Use a Python script for sending notification emails. The notification action and additional parameters are passed via command line arguments. For comment and package request notifications, the text is passed via stdin. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Expose name-only search through the RPC interfaceJohannes Löthberg1-2/+17
Fixes FS#37317. Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08aurjson: Pass http_data array to all functionsJohannes Löthberg1-15/+23
This is a preparatory patch that simplifies adding more arguments to the parse functions Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Delete unused variableJohannes Löthberg1-1/+0
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Release 4.0.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>