Age | Commit message (Collapse) | Author | Files | Lines |
|
Since commit fb7bde3 (Add support for anonymous comments, 2014-02-04),
we support comments with no specific author. Add a check to
canDeleteComment() and canDeleteCommentArray() to ensure an
unauthenticated user cannot delete such comments.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This allows for removing users without also removing the corresponding
comments. Instead, all comments from deleted users will be displayed as
"Anonymous comment".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Extends changes in 81d4cc13dcae2f159ed937d4ce41e1df7d3c82b0
* Modify getvotes() to use the package name rather than package ID
* Rename getvotes() to votes_for_pkgname() for clarity with new changes
* Modify routing framework and links to now use package names for voters.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Checking whether to add a comment is something that really does not
belong to a function named display_package_details().
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Change the return values of following functions to return both
error/success and an error/success message:
* pkg_flag()
* pkg_unflag()
* pkg_adopt()
* pkg_vote()
* pkg_delete()
* pkg_notify()
* pkg_delete_comment()
* pkg_change_category()
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Connor Behan <connor.behan@gmail.com>
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Large amount of boilerplate code that checks if a database
connection exists is useless now that the new connection method
automatically does the same check.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
All functions now have a database connection method that will use
the same database connection. This imitates the functionality of
passing a database connection as an argument and makes it redundant.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Uses the Singleton pattern to ensure all queries use the same
database connection that is released upon script completion.
All database connections should now be called with DB::connect() and
not db_connect().
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Implements FS#33294
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Currently, package flagging and unflagging takes place within the
pkg_flag() function. A bool is set to true or false depending on the
action.
Create new pkg_unflag() function with sole purpose of unflagging
and keep pkg_flag() in place. This split will be useful in the
overhaul of the notification system.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Packages with multiple DepConditions are returned multiple
times in the "Required by" column.
Limit SQL results to distinct packages.
Fixes FS#32478
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Both get_pkg_uri() and get_user_uri() should always return root-relative
URLs -- do not prepend another "/".
Fixes FS#32460.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
An array that contains whether the package is blacklisted is
being improperly used for a comparison. Use fetchColumn() to
avoid the array completely and compare a value directly.
Regression with e171f6f34eeacf35cf7142b4788d43e7d0978546
Fixes FS#31867
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Check if a package actually changed its status before sending an email
to prevent from spamming. Addresses FS#31745.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Fixes a undefined variable notice in getvotes() that popped up when a
package without any votes was requested.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Use archweb classes for search result statistics.
* Add some space between page numbers.
* Display current page number instead of current item range.
* Hide page numbers if the result fits into a single page.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Add a package ID parameter to pkg_change_category() instead of relying
on the "ID" or "N" GET parameters.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
One cannot check if the PDOStatement object returned by query()
evaluates to true in order to check for a non-empty record set. Modify
the SQL query to count the number of records instead of retrieving the
records themselves and fixing the check.
Regression introduced in e171f6f34eeacf35cf7142b4788d43e7d0978546.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Use the global keyword to import "$AUR_LOCATION" in
add_package_comment().
Regression introduced in d3de6679010a1d140794305e747f1af0e7f21834.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Navigation to the "AccountInfo" page should only require a user to know the
username of the account they are looking for. Update all AUR links that use
the user info page to reflect the new URL.
Before:
AUR_URL/account/?Action=AccountInfo&U=userfoo
After:
AUR_URL/account/userfoo
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
All DB code currently uses the quickly aging mysql_* functions. These
functions are strongly discouraged and may eventually be deprecated.
Transition all code to utilize the PDO data access abstraction layer. PDO
allows for consistent query code across multiple databases. This could
potentially allow for someone to use a database other than MySQL with
minimal code changes.
All functions and behaviors are reproduced as faithfully as possible with
PDO equivalents and some changes in code.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Currently everyone is allowed to unflag a package as out of date. This should
be limited to only the appropriate people for a specific package.
Fixes FS#27263
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Make sure that pkg_change_category() works, even if the "N" get
parameter is used and "ID" is unset. Note that this is considered to be
a hack rather than a proper fix; pkg_change_category() needs a lot of
work.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Note that this currently only works if the virtual path feature is
enabled. If you don't use virtual paths, these will still be displayed
as buttons below the package details listing.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Extend the routing front/back ends to allow for using
"/package/$pkgname/" for individual packages.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Use virtual paths in links (e.g. link to "/packages/" instead of
"/packages.php" etc.) if the virtual path feature is enabled.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Conflicts:
web/html/account.php
web/html/addvote.php
web/html/pkgsubmit.php
web/lib/acctfuncs.inc.php
web/template/actions_form.php
web/template/pkg_comment_form.php
web/template/pkg_comments.php
web/template/pkg_details.php
web/template/pkg_search_results.php
web/template/tu_details.php
|
|
* Move DB code in pkgsubmit.php to new functions in aur.inc.php and
pkgfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Move DB code and e-mail code from pkg_comment_form.php to new function in
pkgfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Move DB code from pkg_search_results.php to already existing function
in pkgfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Create new functions in pkgfuncs.inc.php with SQL queries from
action_form.php
* Centralization of DB code important in a future transition to PDO interface
* Flip logic of vote and notify XHTML button to use function return rather
than a more confusing NOT (!) logical operator statement
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Create new function in pkgfuncs.inc.php with SQL queries from voters.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Change search results table to use CSS from archweb with better alternating
line contrast
* Change table results header to match archweb
* General clean-up of XHTML
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
A mix of logical operator styles are currently in use. The predominant style
uses "&&" and "||" instead of "and" and "or", respectively. This inconsistency
is minor, but is easily avoided.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This allows for getting the package names of multiple packages at once,
without having to iterate over them and making one DB query per package.
pkgname_from_id() now accepts both integer arrays and single integers
(backwards compatibility mode).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Use "undisclosed-recipients: ;" when sending mass notifications (such as
comment notifications and the like. Addresses FS#28229.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This should be set to something like 'http://localhost' for development
or 'https://aur.archlinux.org' in production. It ensures all links in
the site stay in the development site and there is no sudden jump from
development to production environments.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Percent signs ("%") and underscores ("_") are not escaped by
mysql_real_escape_string() and are interpreted as wildcards if combined
with "LIKE". Write a wrapper function db_escape_like() and use it where
appropriate.
Note that we already fixed this for the RPC interface in commit
da2ebb667b7a332ddd8d905bf9b9a8694765fed6 but missed the other places.
This patch should fix all remaining flaws reported in FS#26527.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Wrap mysql_real_escape_string() in a wrapper function db_escape_string()
to ease porting to other databases, and as another step to pulling more
of the database code into a central location.
This is a rebased version of a patch by elij submitted about half a year
ago.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Conflicts:
web/lib/aur.inc.php
|
|
Percent signs ("%") and underscores ("_") are not escaped by
mysql_real_escape_string() and are interpreted as wildcards if combined
with "LIKE". Write a wrapper function db_escape_like() and use it where
appropriate.
Note that we already fixed this for the RPC interface in commit
da2ebb667b7a332ddd8d905bf9b9a8694765fed6 but missed the other places.
This patch should fix all remaining flaws reported in FS#26527.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Wrap mysql_real_escape_string() in a wrapper function db_escape_string()
to ease porting to other databases, and as another step to pulling more
of the database code into a central location.
This is a rebased version of a patch by elij submitted about half a year
ago.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
These were never used in the function. Where they are used is in the
pkg_details.php template, so move them closer to their actual usage so
as not to confuse poor programmers such as myself.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|