path: root/web/lib/pkgfuncs.inc.php
Age | Commit message | Author | Files | Lines
2014-02-06 | Do not allow unauthenticated users to delete comments | Lukas Fleischer | 1 | -1/+8
Since commit fb7bde3 (Add support for anonymous comments, 2014-02-04), we support comments with no specific author. Add a check to canDeleteComment() and canDeleteCommentArray() to ensure an unauthenticated user cannot delete such comments.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-02-04 | Add support for anonymous comments | Lukas Fleischer | 1 | -5/+5
This allows for removing users without also removing the corresponding comments. Instead, all comments from deleted users will be displayed as "Anonymous comment".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-01-22 | Further optimize voters.php to only need the package name | canyonknight | 1 | -5/+6
* Extends changes in 81d4cc13dcae2f159ed937d4ce41e1df7d3c82b0
* Modify getvotes() to use the package name rather than package ID
* Rename getvotes() to votes_for_pkgname() for clarity with new changes
* Modify routing framework and links to now use package names for voters.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27 | Move package comment check to packages.php | Lukas Fleischer | 1 | -4/+0
Checking whether to add a comment is something that really does not belong to a function named display_package_details().
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27 | Add boolean return values to several pkg_*() functions | Lukas Fleischer | 1 | -42/+42
Change the return values of the following functions to return both error/success and an error/success message:
* pkg_flag()
* pkg_unflag()
* pkg_adopt()
* pkg_vote()
* pkg_delete()
* pkg_notify()
* pkg_delete_comment()
* pkg_change_category()
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-19 | Fix typo in delete permission warning | Connor Behan | 1 | -1/+1
Signed-off-by: Connor Behan <connor.behan@gmail.com>
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-02-10 | Remove checks before calling connection method | canyonknight | 1 | -108/+36
Large amount of boilerplate code that checks if a database connection exists is useless now that the new connection method automatically does the same check.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-02-10 | Remove documentation references to database parameter | canyonknight | 1 | -24/+0
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-02-10 | Remove unnecessary database connection parameter from all functions | canyonknight | 1 | -54/+54
All functions now have a database connection method that will use the same database connection. This imitates the functionality of passing a database connection as an argument and makes it redundant.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-02-10 | Add database wrapper class and new connection method | canyonknight | 1 | -36/+36
Uses the Singleton pattern to ensure all queries use the same database connection that is released upon script completion. All database connections should now be called with DB::connect() and not db_connect().
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-01-19 | Add description meta-element to package pages | Marcel Korpel | 1 | -30/+51
Implements FS#33294
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-12-07 | Split package flagging and unflagging into separate functions | canyonknight@gmail.com | 1 | -31/+43
Currently, package flagging and unflagging takes place within the pkg_flag() function. A bool is set to true or false depending on the action. Create new pkg_unflag() function with sole purpose of unflagging and keep pkg_flag() in place. This split will be useful in the overhaul of the notification system.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-11-15 | pkgfuncs.inc.php: Rework query to avoid "Required by" duplicates | canyonknight | 1 | -1/+1
Packages with multiple DepConditions are returned multiple times in the "Required by" column. Limit SQL results to distinct packages.
Fixes FS#32478
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-11-04 | Avoid double slashes in notifications | Lukas Fleischer | 1 | -3/+3
Both get_pkg_uri() and get_user_uri() should always return root-relative URLs -- do not prepend another "/".
Fixes FS#32460.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-10-11 | pkgfuncs.inc.php: Fix blacklisting functionality | canyonknight | 1 | -1/+1
An array that contains whether the package is blacklisted is being improperly used for a comparison. Use fetchColumn() to avoid the array completely and compare a value directly.
Regression with e171f6f34eeacf35cf7142b4788d43e7d0978546
Fixes FS#31867
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-10-04 | pkgfuncs.inc.php: Document all functions using PHPDoc format | canyonknight | 1 | -40/+263
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-10-03 | Do not notify if status is unchanged in pkg_flag() | Lukas Fleischer | 1 | -2/+6
Check if a package actually changed its status before sending an email to prevent spamming.
Addresses FS#31745.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-10-03 | pkgfuncs.inc.php: Fix undefined variable notice | Lukas Fleischer | 1 | -0/+1
Fixes an undefined variable notice in getvotes() that popped up when a package without any votes was requested.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-20 | Remove unused pkgnotify_from_sid function | canyonknight | 1 | -23/+0
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-20 | Remove unused canManagePackage() function | canyonknight | 1 | -22/+0
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-19 | Sync search result statistics with archweb | Lukas Fleischer | 1 | -6/+0
* Use archweb classes for search result statistics.
* Add some space between page numbers.
* Display current page number instead of current item range.
* Hide page numbers if the result fits into a single page.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18 | Fix category selection | Lukas Fleischer | 1 | -9/+1
Add a package ID parameter to pkg_change_category() instead of relying on the "ID" or "N" GET parameters.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18 | Fix package notification | Lukas Fleischer | 1 | -5/+5
One cannot check if the PDOStatement object returned by query() evaluates to true in order to check for a non-empty record set. Modify the SQL query to count the number of records instead of retrieving the records themselves and fix the check.
Regression introduced in e171f6f34eeacf35cf7142b4788d43e7d0978546.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18 | pkgfuncs.inc.php: Add missing global keyword | Lukas Fleischer | 1 | -0/+2
Use the global keyword to import "$AUR_LOCATION" in add_package_comment().
Regression introduced in d3de6679010a1d140794305e747f1af0e7f21834.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18 | Use URL rewriting for user info page | canyonknight | 1 | -1/+1
Navigation to the "AccountInfo" page should only require a user to know the username of the account they are looking for. Update all AUR links that use the user info page to reflect the new URL.
Before: AUR_URL/account/?Action=AccountInfo&U=userfoo
After: AUR_URL/account/userfoo
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18 | Migrate all DB code to use PDO | canyonknight | 1 | -146/+156
All DB code currently uses the quickly aging mysql_* functions. These functions are strongly discouraged and may eventually be deprecated. Transition all code to utilize the PDO data access abstraction layer. PDO allows for consistent query code across multiple databases. This could potentially allow for someone to use a database other than MySQL with minimal code changes. All functions and behaviors are reproduced as faithfully as possible with PDO equivalents and some changes in code.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-08-23 | Allow only Trusted Users, Developers, and Maintainers to unflag packages | canyonknight | 1 | -0/+4
Currently everyone is allowed to unflag a package as out of date. This should be limited to only the appropriate people for a specific package.
Fixes FS#27263
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-18 | pkgfuncs.inc.php: Fix pkg_change_category() | Lukas Fleischer | 1 | -0/+2
Make sure that pkg_change_category() works, even if the "N" get parameter is used and "ID" is unset. Note that this is considered to be a hack rather than a proper fix; pkg_change_category() needs a lot of work.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17 | Move package actions to the action box | Lukas Fleischer | 1 | -0/+1
Note that this currently only works if the virtual path feature is enabled. If you don't use virtual paths, these will still be displayed as buttons below the package details listing.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15 | Use virtual paths for package details | Lukas Fleischer | 1 | -4/+3
Extend the routing front/back ends to allow for using "/package/$pkgname/" for individual packages.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15 | Use virtual path feature for links | Lukas Fleischer | 1 | -3/+3
Use virtual paths in links (e.g. link to "/packages/" instead of "/packages.php" etc.) if the virtual path feature is enabled.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-14 | Merge branch 'maint' | Lukas Fleischer | 1 | -1/+1
Conflicts:
    web/html/account.php
    web/html/addvote.php
    web/html/pkgsubmit.php
    web/lib/acctfuncs.inc.php
    web/template/actions_form.php
    web/template/pkg_comment_form.php
    web/template/pkg_comments.php
    web/template/pkg_details.php
    web/template/pkg_search_results.php
    web/template/tu_details.php
2012-07-06 | pkgsubmit.php: Pull out DB code | canyonknight | 1 | -0/+97
* Move DB code in pkgsubmit.php to new functions in aur.inc.php and pkgfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | pkg_comment_form.php: Pull out DB code | canyonknight | 1 | -0/+54
* Move DB code and e-mail code from pkg_comment_form.php to new function in pkgfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | pkg_search_results.php: Pull out DB code | canyonknight | 1 | -0/+5
* Move DB code from pkg_search_results.php to already existing function in pkgfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | action_form.php: Pull out DB code | canyonknight | 1 | -0/+40
* Create new functions in pkgfuncs.inc.php with SQL queries from action_form.php
* Centralization of DB code important in a future transition to PDO interface
* Flip logic of vote and notify XHTML button to use function return rather than a more confusing NOT (!) logical operator statement
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | voters.php: Pull out DB code | canyonknight | 1 | -0/+25
* Create new function in pkgfuncs.inc.php with SQL queries from voters.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | pkg_search_results.php: Overhaul to match archweb | canyonknight | 1 | -4/+4
* Change search results table to use CSS from archweb with better alternating line contrast
* Change table results header to match archweb
* General clean-up of XHTML
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | Be consistent in PHP logical operator usage | canyonknight | 1 | -2/+2
A mix of logical operator styles is currently in use. The predominant style uses "&&" and "||" instead of "and" and "or", respectively. This inconsistency is minor, but is easily avoided.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | Extend pkgname_from_id() to arrays of IDs | Lukas Fleischer | 1 | -6/+23
This allows for getting the package names of multiple packages at once, without having to iterate over them and making one DB query per package. pkgname_from_id() now accepts both integer arrays and single integers (backwards compatibility mode).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-05-31 | HTML/DOM fixes | Dario Giovannetti | 1 | -2/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-08 | Always set the "To:" header when sending mail | Lukas Fleischer | 1 | -1/+1
Use "undisclosed-recipients: ;" when sending mass notifications (such as comment notifications and the like).
Addresses FS#28229.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-11-02 | Add a new AUR_LOCATION setting | Dan McGee | 1 | -1/+5
This should be set to something like 'http://localhost' for development or 'https://aur.archlinux.org' in production. It ensures all links in the site stay in the development site and there is no sudden jump from development to production environments.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-10-25 | Escape wildcards in "LIKE" patterns | Lukas Fleischer | 1 | -7/+5
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE". Write a wrapper function db_escape_like() and use it where appropriate. Note that we already fixed this for the RPC interface in commit da2ebb667b7a332ddd8d905bf9b9a8694765fed6 but missed the other places. This patch should fix all remaining flaws reported in FS#26527.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-25 | Wrap mysql_real_escape_string() in a function | Lukas Fleischer | 1 | -6/+6
Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Conflicts: web/lib/aur.inc.php
2011-10-24 | Escape wildcards in "LIKE" patterns | Lukas Fleischer | 1 | -7/+5
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE". Write a wrapper function db_escape_like() and use it where appropriate. Note that we already fixed this for the RPC interface in commit da2ebb667b7a332ddd8d905bf9b9a8694765fed6 but missed the other places. This patch should fix all remaining flaws reported in FS#26527.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-24 | Wrap mysql_real_escape_string() in a function | Lukas Fleischer | 1 | -6/+6
Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-10-24 | send emails when deleting packages | Florian Pritz | 1 | -0/+38
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-08-11 | Remove unnecessary atype and uid lookup from package_details() | Dan McGee | 1 | -3/+0
These were never used in the function. Where they are used is in the pkg_details.php template, so move them closer to their actual usage so as not to confuse poor programmers such as myself.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-08-11 | Use 'true' instead of 'True' everywhere | Dan McGee | 1 | -6/+6
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>