Age | Commit message (Collapse) | Author | Files | Lines |
|
* Changes adopting/disowning packages to use GET instead of POST
* Uses CSS to make form submit button look like a link
* Complements commit 3bc951e3d87eaf692a7e47cf16a28d838c7cb2bd
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
We fixed all known CRSF vulnerabilities in commit 2c93f0a (Implement
token system to fix CSRF vulnerabilities, 2012-06-23). c349cb2 (Add
virtual path support for package actions, 2012-07-17) partly reverted
this by injecting a valid CRSF token when virtual paths are in use.
This patch allows for keeping the virtual path feature, while
reintroducing POST forms and CRSF tokens. Actions like package flagging,
votes and notifications are no longer prone to CRSF (see FS#35437 for
details).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Use Twitter Bootstrap JavaScript framework for typeahead support.
Add a new "suggest" JSON method, which returns the first 20
packages that match the beginning characters of a query.
canyonknight: Link format change, commit message
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Voter page token check takes place in the same way as other
existing token checks. Move the check for consistency.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Display an error page and return a 404 status code in the following
cases:
* An invalid package name is passed to the "packages" action.
* An invalid user name is passed to the "account" action.
* An invalid package action is passed.
* An invalid account action is passed.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Give user feedback instead of bailing out with an empty HTTP response
body.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Package actions now have a separate box on the package details page. Add
a package merge link in that box.
Link leads to a new page (pkgmerge.php) that can be used to confirm package
merging. A separate page with confirmation is used to avoid CSRFs.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Package actions now have a separate box on the package details page. Make
a package deletion link in that box.
Link leads to a new page (pkgdel.php) that can be used to confirm package
deletion. A separate page with confirmation is used to avoid CSRFs.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Setting GET parameters manually is bad style and causes some strange
side effects when using virtual URLs and mkurl().
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Spotted when browsing the package details page while being logged out.
Reported-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Restructure account.php to remove redundant code.
* Remove own_account_details().
* Rework logic check to default to no access to account edit form.
* Make default account action viewing account info.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
The "UpdateAccount" page displays information as to whether an account
update was successful. All POST account info goes to this page, so use
it with sane URLs.
Before:
AUR_URL/account/?Action=UpdateAccount&U=userfoo
After:
AUR_URL/account/userfoo/update
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Allows for easier account editing and saner URLs. Update account editing links
to use new URL.
Before:
AUR_URL/account/?Action=DisplayAccount&U=userfoo
After:
AUR_URL/account/userfoo/edit
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Navigation to the "AccountInfo" page should only require a user to know the
username of the account they are looking for. Update all AUR links that use
the user info page to reflect the new URL.
Before:
AUR_URL/account/?Action=AccountInfo&U=userfoo
After:
AUR_URL/account/userfoo
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Link to "/packages/$pkgname/voters/" instead of using "/voters/" and a
get parameter to request a specific package by ID.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Return the correct route -- even if a "/" is appended to the URI.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This needs to be available on every page since it is needed for
get_uri() and get_pkg_uri() and "web/html/index.php" isn't executed if
the virtual path feature is disabled.
Reported-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This allows for using following URLs:
* /package/$pkg_name/flag: Flag a package out-of-date
* /package/$pkg_name/unflag: Unflag a package
* /package/$pkg_name/notify: Enable comment notifications
* /package/$pkg_name/unnotify: Disable comment notifications
* /package/$pkg_name/vote: Vote for the package
* /package/$pkg_name/unvote: Remove vote
Note that this code is very hackish and should be refactored once we
drop support for legacy URLs.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Extend the routing front/back ends to allow for using
"/package/$pkgname/" for individual packages.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This adds a URL mapping library that can be used to implement virtual
paths. Also, "web/html/index.php" is moved to "web/html/home.php" and
"web/html/index.php" becomes a routing front end that maps virtual paths
to corresponding files.
To enable the virtual path feature, all requests need to be redirected
to the "index.php" routing script. If you use lighttpd, following
rewrite rule can be used:
url.rewrite = ( "^(.*)$" => "/index.php/$1" )
A similar rule can be used for Apache (using mod_rewrite).
Note that the current routing front end only works if PATH_INFO is
provided.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Switch to CSS used by archweb
* Move package search to a smaller box to match the style of the main site
* Add text describing mailing list and bug tracker. Eventually remove those
associated nav bar links.
* General clean-up of XHTML
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Using a div container to format heading is ridiculous. Use "<h2></h2>"
instead.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: canyonknight <canyonknight@gmail.com>
|
|
Rather than looking up by username, it makes more sense to look the
stats up by user ID to reduce the number of needed joins.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Replacing with CSS styles where appropriate. A previously unused CSS
style is tweaked in the stylesheet to match most of what was done via
non-CSS styling.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Use the standard string type specifier instead of "%h" in format
strings. Both specifiers are treated equally in __() so we shouldn't
break anything here. This also allows us to replace the hacky
substitution algorithm in __() by vsprintf().
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Lukas: Add note to "UPGRADING".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
All of these are sourcing function libraries so we don't need to include
them more than once. Things that insert actual HTML into the output were
left calling include().
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Also changed it around a little bit so it's not tied down the search results function
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
This includes only the requested language for each page and
makes top level language include files obsolete.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Also clean up a notice in index.php
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Move database queries to functions and html to templates.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
No more prints, still all in same file
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
This reverts commit 0cf3c5ea8bd2799e1354aa2008edb542e01635ba.
|
|
html from the index page has been moved to a template file (front_page.php)
needs indentation really bad
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
Cleaned up the front page.
Removed the blank box on the right of the front page, that was leftover from
the change to the login form (move).
|
|
Cleans up links on front page, adds a TU link to the header to the voting
application, fixes some titles and styling for logged in text
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
Verbose page titles again
Adds support for more verbose page titles based on current
page and action by user and removes sort by options from
search form as they're obsolete by column links.
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
This removes the need for a timeout page (and probably hacker.php) and
moves the login form and status to the header. If your login times out
you won't lose your place anymore and links will always work. Works
for me but at the moment index_po.php is imported in aur.inc which has
to stay until the translations from it for login are moved to
aur_po.php.
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
|
|
Simo's original commit text:
The idea of safe flagging is unclear, poorly named, misunderstood,
and not even used. At the time this patch was created, less than
a third of the packages in unsupported were flagged safe, and less
than a tenth of users knew how to interpret it.
The safe flag has been replaced by a disclaimer on the main page.
|
|
Added AUR_VERSION to config file, so now we should only need to
change one location. KISS ftw.
Signed-off-by: tardo <tardo@nagi-fanboi.net>
|