Age | Commit message (Collapse) | Author | Files | Lines |
|
Implemented recursive directory deletion in PHP properly without the use
of exec(). This improves security, performance and portability and makes
the code compatible with PHP's Safe Mode as well as with PHP setups that
disable exec() using the "disable_functions" directive.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Drop the "URLPath" field from the "Packages" table, build URLs from
package names instead.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Automatic tarball extraction was vulnerable in different ways. Users
should also only use source tarballs to build packages, so this has been
removed completely. From now on, only the PKGBUILD is extracted in a
secure manner.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
- resolve conflict and omit i18n changes.
|
|
Closes: http://bugs.archlinux.org/task/19914
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
This solves the problem of include files not being found after an error.
$_SERVER['DOCUMENT_ROOT'] is not reliable because the AUR might be
installed in a subdirectory.
This closes http://bugs.archlinux.org/task/16887
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Make HTML markup more logical.
Remove some unused style sheets rules.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
makepkg --source should be used to upload packages.
It provides a bit of error checking and it's good to support only a
single format here.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
All of these are sourcing function libraries so we don't need to include
them more than once. Things that insert actual HTML into the output were
left calling include().
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Version using package functions
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
comments need to be removed before concatenating lines, otherwise
not matched brackets can cause problems on submit
Signed-off-by: Gergely Imreh <imrehg@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Better detection of the build function.
Better detection of variables.
Support for variables with underscores.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
This only neutralises bash parameter substitution, but doesn't perform
the proper replacement.
Closes FS#13122.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Lines such as foo=$foo in the PKGBUILD would end up in a
infinite replacement cycle when uploaded, thus the upload
times out. In these kind of lines, $foo is replaced not by
"$foo" again, but deleted (missing value for foo).
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
All custom variables are handled during subsitution, as well as
bash "eval" statements.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
The web interface was handling comments in the PKGBUILD variable fields
(such as 'source','depends',etc...) differently from makepkg, because
makepkg ignores the rest of the current line if there is a # character,
while the web interface parsed that as well, and listed the words of the
comment as source files.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Also fix a translation string.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Just like the previous patch for account_from_sid() over-usage.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Clean up a couple of notices.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
I forgot about the forms.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
This includes only the requested language for each page and
makes top level language include files obsolete.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Fix for FS#11132 - AUR fails to parse multiline source array
Signed-off-by: Evangelos Foutras <foutrelis@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Try submitting an empty form to the aur
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Add a new function chown_group to recursively change permissions.
Tweak some of the coding style.
Replace some of the redundant string concatenation with a variable.
Thanks to Dan McGee for chmod_group.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Conflicts:
web/html/pkgsubmit.php
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Since this module requires root to install
system-wide, and is somewhat rare, it's better
to just include it in the AUR code itself.
Signed-off-by: Simo Leone <simo@archlinux.org>
|
|
On a successful package submit there will be a redirect to the package details
page of the packages, no more successful message
Also got rid of the $warning stuff, what the hell was that for?
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Moved some stuff around, rewrote some stuff although the functionality is
exactly the same as before
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
Uses File_Find and Archive_Tar in pkgsubmit.php
Removes references to PackageContents
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
Previous fix for this was only half implemented, links now work with both
a new package and an updated one
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
Fix entry of URLPath and FSPath to be actual locations, fixes RPC results
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
What it says in the title
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
Adds support for uploading plain PKGBUILDs to the AUR
Simply moves the PKGBUILD to a directory to be treated the same as if it were
in a tarball
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
When updating a package and no category is selected the category will no
longer reset itself to "none", it will only update if something else is
chosen.
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
It was broken and hardly used. It's just as easy
to add short print statements or logging if
some debugging output is needed.
Signed-off-by: Simo Leone <simo@archlinux.org>
|
|
When a package upload fails the category value will be prefilled, fixes a bug
in the previous patch where the pkgbuild would not extract properly and splits
the html from php in the form so there are no more prints to output it
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
Instead of restricting to gz and bz2, allow just plain tar and any other
format tar can understand to be uploaded. I make the mistake all the time of
forgetting to pass -z to tar when making something to upload, and there is
no real reason to exclude plain tar files.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Verbose page titles again
Adds support for more verbose page titles based on current
page and action by user and removes sort by options from
search form as they're obsolete by column links.
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
This is a patch that fixes a lot of little things:
* We no longer have pkgsearch or pkgdetails link functions and all
references to them are gone, that's what a back button is for and if
we really need it we can come up with something better
* No longer have do_Details variable, this means links on the package
search are simply ?ID=foo
* On the pkgdetails pages when there are either no deps, deps by,
sources or comments for a package the list for each will display
"None" instead of nothing at all (ruining the layout)
* Fixed a bug where if a package had no sources or no deps
pkgsubmit.php would submit an empty one
* Translation of the word "Search'" has been changed to "Search"
Most of these relate to each other.
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
This removes the name, overwrite and comment options from pkgsubmit.php
by moving when the tarball is extracted (and where) and when the pkgbuild
is parsed so pkgname is taken from the pkgbuild instead of user input
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
This fixes a bug where TUs and devs couldn't upload packages because
the query would have an extra column in it to mark the pkgbuild safe
automatically, guessing it got missed when the safe flags were
removed. Also fixes a screw up I made with the schema file when I
added the tables for the voting app.
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
Simo's original commit text:
The idea of safe flagging is unclear, poorly named, misunderstood,
and not even used. At the time this patch was created, less than
a third of the packages in unsupported were flagged safe, and less
than a tenth of users knew how to interpret it.
The safe flag has been replaced by a disclaimer on the main page.
|
|
Added AUR_VERSION to config file, so now we should only need to
change one location. KISS ftw.
Signed-off-by: tardo <tardo@nagi-fanboi.net>
|
|
Yeah I actually want to work from testing.
Conflicts:
web/lib/pkgfuncs.inc
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|