Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Users can now delete their own accounts by clicking a link in the
account edit form and confirming the deletion on a follow-up page.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
When closing a package request, Trusted Users can now pick a reason
("Accepted" or "Rejected"). This allows for marking a request as
accepted, even if the corresponding package base has already been
deleted.
Also, the notification email now always explicitly states whether a
request has been accepted or closed in the message body.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Add a new entry to the package actions box that allows for filing
deletion and orphan requests. When choosing that action, the user is
redirected to a new page that allows for selecting a request type and
entering a comment. When submitting the request, a new entry in the
request database is created and an email is sent to a configurable
mailing list (defaults to aur-general).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Package actions now operate on package bases instead of packages. Move
all actions to the correct locations.
This also fixes some issues with comment notifications.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This adds package base details pages, similar to the package details
pages. Each package base details page contains general information
(package base name, category, submitter, maintainer, ...) and links to
all the corresponding packages. As on the package details pages,
comments and links to several package actions are also provided.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Extends changes in 81d4cc13dcae2f159ed937d4ce41e1df7d3c82b0
* Modify getvotes() to use the package name rather than package ID
* Rename getvotes() to votes_for_pkgname() for clarity with new changes
* Modify routing framework and links to now use package names for voters.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Changes adopting/disowning packages to use GET instead of POST
* Uses CSS to make form submit button look like a link
* Complements commit 3bc951e3d87eaf692a7e47cf16a28d838c7cb2bd
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
We fixed all known CRSF vulnerabilities in commit 2c93f0a (Implement
token system to fix CSRF vulnerabilities, 2012-06-23). c349cb2 (Add
virtual path support for package actions, 2012-07-17) partly reverted
this by injecting a valid CRSF token when virtual paths are in use.
This patch allows for keeping the virtual path feature, while
reintroducing POST forms and CRSF tokens. Actions like package flagging,
votes and notifications are no longer prone to CRSF (see FS#35437 for
details).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Use Twitter Bootstrap JavaScript framework for typeahead support.
Add a new "suggest" JSON method, which returns the first 20
packages that match the beginning characters of a query.
canyonknight: Link format change, commit message
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Voter page token check takes place in the same way as other
existing token checks. Move the check for consistency.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Display an error page and return a 404 status code in the following
cases:
* An invalid package name is passed to the "packages" action.
* An invalid user name is passed to the "account" action.
* An invalid package action is passed.
* An invalid account action is passed.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Give user feedback instead of bailing out with an empty HTTP response
body.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Package actions now have a separate box on the package details page. Add
a package merge link in that box.
Link leads to a new page (pkgmerge.php) that can be used to confirm package
merging. A separate page with confirmation is used to avoid CSRFs.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Package actions now have a separate box on the package details page. Make
a package deletion link in that box.
Link leads to a new page (pkgdel.php) that can be used to confirm package
deletion. A separate page with confirmation is used to avoid CSRFs.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Setting GET parameters manually is bad style and causes some strange
side effects when using virtual URLs and mkurl().
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Spotted when browsing the package details page while being logged out.
Reported-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Restructure account.php to remove redundant code.
* Remove own_account_details().
* Rework logic check to default to no access to account edit form.
* Make default account action viewing account info.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
The "UpdateAccount" page displays information as to whether an account
update was successful. All POST account info goes to this page, so use
it with sane URLs.
Before:
AUR_URL/account/?Action=UpdateAccount&U=userfoo
After:
AUR_URL/account/userfoo/update
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Allows for easier account editing and saner URLs. Update account editing links
to use new URL.
Before:
AUR_URL/account/?Action=DisplayAccount&U=userfoo
After:
AUR_URL/account/userfoo/edit
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Navigation to the "AccountInfo" page should only require a user to know the
username of the account they are looking for. Update all AUR links that use
the user info page to reflect the new URL.
Before:
AUR_URL/account/?Action=AccountInfo&U=userfoo
After:
AUR_URL/account/userfoo
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Link to "/packages/$pkgname/voters/" instead of using "/voters/" and a
get parameter to request a specific package by ID.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Return the correct route -- even if a "/" is appended to the URI.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This needs to be available on every page since it is needed for
get_uri() and get_pkg_uri() and "web/html/index.php" isn't executed if
the virtual path feature is disabled.
Reported-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This allows for using following URLs:
* /package/$pkg_name/flag: Flag a package out-of-date
* /package/$pkg_name/unflag: Unflag a package
* /package/$pkg_name/notify: Enable comment notifications
* /package/$pkg_name/unnotify: Disable comment notifications
* /package/$pkg_name/vote: Vote for the package
* /package/$pkg_name/unvote: Remove vote
Note that this code is very hackish and should be refactored once we
drop support for legacy URLs.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Extend the routing front/back ends to allow for using
"/package/$pkgname/" for individual packages.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This adds a URL mapping library that can be used to implement virtual
paths. Also, "web/html/index.php" is moved to "web/html/home.php" and
"web/html/index.php" becomes a routing front end that maps virtual paths
to corresponding files.
To enable the virtual path feature, all requests need to be redirected
to the "index.php" routing script. If you use lighttpd, following
rewrite rule can be used:
url.rewrite = ( "^(.*)$" => "/index.php/$1" )
A similar rule can be used for Apache (using mod_rewrite).
Note that the current routing front end only works if PATH_INFO is
provided.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Switch to CSS used by archweb
* Move package search to a smaller box to match the style of the main site
* Add text describing mailing list and bug tracker. Eventually remove those
associated nav bar links.
* General clean-up of XHTML
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Using a div container to format heading is ridiculous. Use "<h2></h2>"
instead.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: canyonknight <canyonknight@gmail.com>
|
|
Rather than looking up by username, it makes more sense to look the
stats up by user ID to reduce the number of needed joins.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Replacing with CSS styles where appropriate. A previously unused CSS
style is tweaked in the stylesheet to match most of what was done via
non-CSS styling.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Use the standard string type specifier instead of "%h" in format
strings. Both specifiers are treated equally in __() so we shouldn't
break anything here. This also allows us to replace the hacky
substitution algorithm in __() by vsprintf().
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Lukas: Add note to "UPGRADING".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
All of these are sourcing function libraries so we don't need to include
them more than once. Things that insert actual HTML into the output were
left calling include().
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Also changed it around a little bit so it's not tied down the search results function
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
This includes only the requested language for each page and
makes top level language include files obsolete.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Also clean up a notice in index.php
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Move database queries to functions and html to templates.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
No more prints, still all in same file
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
This reverts commit 0cf3c5ea8bd2799e1354aa2008edb542e01635ba.
|