path: root/web/lib/aurjson.class.php
Age | Commit message | Author | Files | Lines
2011-10-24 | Escape wildcards in "LIKE" patterns | Lukas Fleischer | 1 | -2/+1
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE". Write a wrapper function db_escape_like() and use it where appropriate. Note that we already fixed this for the RPC interface in commit da2ebb667b7a332ddd8d905bf9b9a8694765fed6 but missed the other places. This patch should fix all remaining flaws reported in FS#26527.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-24 | Wrap mysql_real_escape_string() in a function | Lukas Fleischer | 1 | -4/+4
Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-09-23 | RPC: Coerce numeric values into integers | Lukas Fleischer | 1 | -0/+12
Coerce following fields into integers to ensure json_encode() serializes them as integers:
* ID
* CategoryID
* NumVotes
* OutOfDate
* FirstSubmitted
* LastModified
This means that there will be a minor API break. There's no better way to do this properly, though. Fixes FS#25693.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-09-23 | RPC: Provide out-of-date timestamp | Lukas Fleischer | 1 | -3/+2
Convert the "OutOfDate" field to provide a timestamp instead of a boolean flag in JSON results. We don't really care about backward compatibility here, as most AUR helpers would break anyway when trying to parse RPC responses after the data type overhaul that should come with one of the following patches.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-08-22 | RPC: Fix info queries when using package IDs | Lukas Fleischer | 1 | -1/+1
Info queries using package IDs were no longer working due to commit c6d84b3a8df10c522d79c754d4f73cb2a352586f, which introduced a table join in process_query(), thus making the "ID" column ambiguous. Fix this by explicitly specifying the table to use. Fixes FS#25696.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-08-10 | Segment the upload directory by package name prefix | Dan McGee | 1 | -1/+1
This implements the following scheme:
* /packages/cower/ --> /packages/co/cower/
* /packages/j/ --> /packages/j/j/
* /packages/zqy/ --> /packages/zq/zqy/
We take up to the first two characters of each package name as an intermediate subdirectory, and then the full package name lives underneath that. Shorter named packages live in a single letter directory.
Why, you ask? Well because earlier today the AUR hit 32,000 entries in the unsupported/ directory, making new package uploads impossible. While some might argue we shouldn't have so many damn packages in the repos, we should be able to handle this case.
Why two characters instead of one? Our two biggest two-char groups, 'pe' and 'py', both start with 'p', and have nearly 2000 packages each. Go Python and Perl.
Still needed is a "move the existing data" script, as well as a set of rewrite rules for those wishing to preserve backward compatible URLs for any helper programs doing the wrong thing and relying on them.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-06-22 | rename *.inc files to *.inc.php and adjust imports and references | elij | 1 | -1/+1
Lukas: Add note to "UPGRADING".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-05-17 | add first submitted and last modified to rpc output | kachelaqa | 1 | -1/+2
after reading the discussion about the submitter field, i looked again at my previous patch and realized that it was not very good at all. hopefully this simplified version will be more acceptable. the justification for this patch is that many third-party tools will want to know how new a package is, or when it last changed. adding the submitted and modified timestamps will allow users to get all the relevant package data in a single query.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-05-17 | add support for etag and conditional get (if-none-match) | elij | 1 | -1/+29
Add etag and if-none-match conditional get support. This will allow 'smart client' to save network bandwidth, as they can save the etag hash value for queries and test it later. Still an http request because this patch specifically sets a cache lifetime of zero, and must-revalidate. The benefit here is bandwidth savings. Caching based on expires headers would likely be counter productive, as the api data can change rather quickly...but etag is a nice compromise, and could be quite beneficial for bandwidth reduction in some scenarios.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-16 | rpc: unify methods return (fixes FS#17597) | tuxce | 1 | -29/+19
Include maintainer in info and search method.
Lukas: Adjustments for "multiinfo" queries.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-16 | rpc: introduce multiinfo query (fixes FS#17583) | Dan McGee | 1 | -1/+66
The majority of "real world" info requests [1] come in hefty batches. We would be better served to handle these in one request rather than multiple by allowing AUR clients to send multiple arguments. This enables things like this to work:
    http://aur.test/rpc.php?type=multiinfo&arg[]=cups-xerox&arg[]=cups-mc2430dl&arg[]=10673
Note to RPC users: unfortunately due to the asinine design of PHP, you unfortunately have to use the 'arg[]' syntax if you want more than one query argument, or you will only get the package satisfying the last arg you pass.
[1] Rough data from April 11, 2011, with a total hit count of 1,109,163:
        12 /login.php
        13 /rpc.php?type=sarch
        15 /rpc.php?type=msearch
        16 /pingserver.php
        16 /rpc.php
        22 /logout.php
       163 /passreset.php
       335 /account.php
       530 /pkgsubmit.php
       916 /rss2.php
      3838 /index.php
      6752 /rss.php
      9699 /
     42478 /rpc.php?type=search
    184737 /packages.php
    681725 /rpc.php?type=info
That means a whopping 61.5% of our requests were for info over the RPC interface; package pages are a distant second at only 16.7%.
Lukas: Introduce "multiinfo" query instead of extending "info" (for the sake of backward compatibility).
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-16 | rpc.php: be a bit more consistent in query building | Dan McGee | 1 | -10/+10
Do the implode as the same but separate step each time, and remove indentation where no other query has it.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-16 | rpc.php overhaul | Dan McGee | 1 | -69/+44
* Mark things static in the class rather than use a constructor every single invocation of the service.
* Don't call mysql_real_escape_string() before we even have a database connection, and don't do work in the database if we don't need to.
* Formatting consistency fixups in a few places.
* Add new process_query() helper function; use this instead of copy-pasted code in all of the RPC method calls.
* Remove the escaping code meant to fix FS#15526, introduced in commit 4d1eb4dd7ac631. It broke more than it solved, only fixed the output in one of three RPC calls (and who knows what the web interface then also does), and proper encoding should be done at the database level rather than up here.
Lukas: Add special case for "info" queries to process_query() (return a single result instead of an array of results here).
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-13 | Don't allow dl() of json module | Dan McGee | 1 | -4/+0
You need this enabled for the AUR, period. No need for this BS.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-03 | Remove Dummy Package concept | Dan McGee | 1 | -2/+2
Instead, we just store dependencies directly in the PackageDepends table. Since we don't use this info anywhere besides the package details page, there is little value in precalculating what is in the AUR vs. what is not. An upgrade path is provided via several SQL statements in the UPGRADING document. There should be no user-visible change from this, but the DB schema gets a bit more sane and we no longer have loads of junk packages in our tables that are never shown to the end user. This should also help the MySQL query planner in several cases as we no longer have to be careful to exclude dummy packages on every query.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-01 | Drop PackageLocations table and references | Dan McGee | 1 | -1/+1
We don't need this anymore since all packages managed here are well...managed here. Rip out all of the places we were using this field, many of which depended on the magic value '2' anyway. On the display side of things, we had a column that was always showing 'unsupported' that is now gone, and you can no longer sort by this column.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-28 | aurjson: Escape wildcards in "LIKE" patterns (fixes FS#18626). | Lukas Fleischer | 1 | -0/+1
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE", so we need to deal with them separately.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-24 | Build URLs from package names (fixes FS#15308, FS#19327). | Lukas Fleischer | 1 | -4/+17
Drop the "URLPath" field from the "Packages" table, build URLs from package names instead.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-11-10 | Add timestamp when a package is flagged out-of-date (FS#20848). | Lukas Fleischer | 1 | -1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com> - resolve conflict and omit i18n changes.
2009-10-23 | aurjson: Only return an error string if utf8_encode returns an empty string. | Loui Chang | 1 | -1/+1
This allows 0 and '0' values to pass.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-10-01 | Fix json info output. | Loui Chang | 1 | -1/+1
Commit 325347a introduced a regression causing an improper database query.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-09-28 | Add maintainer search to json interface. Closes FS#15947 | elij | 1 | -9/+37
Fix for maintainer search ticket: FS#15947
Also http://mailman.archlinux.org/pipermail/aur-dev/2009-September/000892.html
Fixed some problems with selecting the proper data fields in the original patch. - Loui
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-09-28 | fix content-type when sending jsonp | elij | 1 | -4/+8
jsonp callback should have a content type of text/javascript, since it specifies a callback function wrapping json data, and is not solely json data.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-09-16 | Fix: FS#15526 non-UTF8 character in rpc output | Gergely Imreh | 1 | -0/+9
Currently AUR does not check the uploaded packages, whether they are correctly in UTF8 encoding. If there are fields (such as $pkgdesc) that contain such non-UTF8 characters, the rpc interface chokes on those fields: even if there's data successfully retrieved from the database, rpc returns "null". In an effort to make such errors in the PKGBUILDs debugged more easily, let's force rpc to have more useful output: try to convert non-UTF8 fields to UTF8. If it's a success, good. Partial success (some characters showing as \uXXXX) is ok. Failure results in error message printed to that field.
Signed-off-by: Gergely Imreh <imrehg@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-09-14 | aurjson: Use call_user_func to call functions. | Loui Chang | 1 | -1/+1
call_user_func_array is unnecessary.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-08-11 | Use include_once where applicable | Dan McGee | 1 | -2/+3
All of these are sourcing function libraries so we don't need to include them more than once. Things that insert actual HTML into the output were left calling include().
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-06-25 | Remove excess whitespace. | Loui Chang | 1 | -1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-04-12 | Remove author information from scripts. | Loui Chang | 1 | -4/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-03-03 | Add LocationID to returned fields in json interface. | Loui Chang | 1 | -1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-02-15 | rpc: delay getting DB connection until absolutely necessary | Dan McGee | 1 | -3/+4
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-23 | Return CategoryID from the json interface. | Loui Chang | 1 | -1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-07-16 | Make JSON search return more information. | Loui Chang | 1 | -14/+20
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-06-05 | Added AurJson query length limit. | eliott | 1 | -0/+4
Set a limit on the length of the query argument for searching. A search of zero length returns a considerably sized result set.
Signed-off-by: eliott <eliott@cactuswax.net>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-03-23 | One more json fix | Loui Chang | 1 | -1/+1
2008-03-23 | Fixed a couple more lingering JSON bugs | Loui Chang | 1 | -1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Signed-off-by: Simo Leone <simo@archlinux.org>
2008-03-23 | Fixed operator precedence in aurjson | Simo Leone | 1 | -1/+1
My bad
Signed-off-by: Simo Leone <simo@archlinux.org>
2008-03-23 | Make JSON interface work | Simo Leone | 1 | -5/+10
Now makes sure json php module is loaded, also fixed a few coding errors and made the search behave like the search on the web interface.
Signed-off-by: Simo Leone <simo@archlinux.org>
2008-01-20 | Add notify column in search results and notify button | Callan Barrett | 1 | -1/+1
Adds a column to search results showing if a package has comment notification enabled and adds support for toggling notify for multiple packages from search
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20 | Modified to get details based on an exact package name, or based on a package id. | eliott | 1 | -8/+19
2008-01-20 | Removed reference to 'safe' | eliott | 1 | -1/+1
2008-01-19 | Moved usage documentation out of the class. | eliott | 1 | -21/+1
Fixed an issue in the handle class.
2008-01-19 | Added AurJSON code. | eliott | 1 | -0/+145
Added a JSON interface to the aur. This should make it easier for developers to integrate command line utilities and poll against the AUR itself.