Age | Commit message (Collapse) | Author | Files | Lines |
|
Automatic tarball extraction was vulnerable in different ways. Users
should also only use source tarballs to build packages, so this has been
removed completely. From now on, only the PKGBUILD is extracted in a
secure manner.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Finally move comment deletion and category editing into functions and
remove pkgedit.php
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
-Fix indentation
-Fix variable naming conflict $id vs $cid
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
- resolve conflict and omit i18n changes.
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
translation)
Change width to min-width. - Loui
Signed-off-by: PyroPeter <abi1789@googlemail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
-- Loui Chang
Change is_tu to check_user_privileges
Change div#archdev-navbar style
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Closes: http://bugs.archlinux.org/task/19914
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
This solves the problem of include files not being found after an error.
$_SERVER['DOCUMENT_ROOT'] is not reliable because the AUR might be
installed in a subdirectory.
This closes http://bugs.archlinux.org/task/16887
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
To upgrade existing databases:
ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT '';
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
People entering explicit search terms would expect alphabetical order.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Also make syntax more straightforward.
'asc' is ascending, rather than 'up'.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Make HTML markup more logical.
Remove some unused style sheets rules.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
This works by adding a new field to the 'Users' table called 'ResetKey',
which is a 32 characters long, random string. When the user requests a
password reset, a new 'reset key' is generated and sent to the user's
e-mail address in the form of a link in the following format:
http://aur.archlinux.org/passreset.php?resetkey=<reset key>
When the above link is followed, the user is presented with a form to
verify his/her e-mail address and specify the new desired password. If
the e-mail address matches the reset key in the database, the new
password is assigned to the account. If there is an error, a relevant
message is displayed and the user is prompted to re-enter the required
information. Upon successful completion of this procedure, the ResetKey
field in the database is blanked and the specific key cannot be reused.
One SQL query is needed to add the ResetKey field to the 'Users' table:
ALTER TABLE `Users` ADD `ResetKey` CHAR(32) NOT NULL DEFAULT '';
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Laszlo Papp <djszapi@archlinux.us>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
makepkg --source should be used to upload packages.
It provides a bit of error checking and it's good to support only a
single format here.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Add msearch type to the list on http://aur.archlinux.org/rpc.php
Signed-off-by: Laszlo Papp <djszapi@archlinux.us>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
changed file name, as the 2 is relatively meaningless.
I think at one time it qualified it as a rss2.0 feed, but the
distinction is valueless at this point, since the generated xml
itself declares the rss version.
make sure to set an apache rewrite rule for any production systems
that require it.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
- removed excessive string catenation, replaced with variable substitution
- consolidated http/https protocol checks
- simplified host header parse (centralized)
- moved cache file to /tmp, to remove need to custom permission directory in webdir
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Kind of pointless to keep it around. Especially in here.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
All of these are sourcing function libraries so we don't need to include
them more than once. Things that insert actual HTML into the output were
left calling include().
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Version using package functions
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
comments need to be removed before concatenating lines, otherwise
not matched brackets can cause problems on submit
Signed-off-by: Gergely Imreh <imrehg@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
It's performance improvement day today. For non-superusers, we were hitting
the database twice per comment on a package- once to get the UID, and once
to check the owner of the comment. The best part is we already knew the
owner of the comment, and we only need to get our own UID once.
For viewing a package like yaourt, this cuts a single pageview from over 700
queries to around 18, which is still not great but a pretty big improvement.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Better detection of the build function.
Better detection of variables.
Support for variables with underscores.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Make post date consistent with other dates.
Look Ma, no tables!
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|