summaryrefslogtreecommitdiffstats
path: root/web/lib
AgeCommit message (Collapse)AuthorFilesLines
2011-03-04Add a sanitize_ids function and use it in all pkg_* functionsDan McGee1-33/+22
And use implode() instead of some looping/first time logic. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Set a default timezoneDan McGee1-0/+2
With our use of strtotime() in stats.inc, we are "required" to do so or at least the emitted warning tells us it is a good idea. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Fix PHP notices in account pagesDan McGee1-0/+8
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Remove dead dependency/required by link codeDan McGee1-5/+0
For some reason we were doing this song and dance "iterate all the known parameters" business. This is totally unnecessary, clutters the links, and was spewing errors all over the place, so kill it. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Ensure all variables are set in package search formDan McGee1-21/+13
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Add action lookup helper functionDan McGee1-0/+5
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Ensure all package ID values are coerced to integersDan McGee1-18/+22
We don't need mysql_real_escape_string(), we need valid integer conversions. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Vastly simplify pkg_delete functionDan McGee1-58/+8
Since only TUs/Devs can delete packages, we can remove almost all checks except the account type check. And now that our DB uses foreign keys, all of the other deletes happen implicitly when a package is deleted so we don't need to take care of it here. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Ensure users can be deleted when foreign keys are presentDan McGee1-1/+0
This change is necessary to prevent this: mysql> delete from Users where ID = 112; ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`aur`.`Packages`, CONSTRAINT `Packages_ibfk_2` FOREIGN KEY (`SubmitterUID`) REFERENCES `Users` (`ID`) ON DELETE NO ACTION) As a bonus, due to foreign keys, orphaning of packages will be automatic. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Improve cookie handlingDan McGee1-12/+8
* Remove comment that is mostly bogus- the domain is automatically set. * When logging out, don't delete the language cookie. * Make the language cookie persistent. * Use the minimal time possible to expire cookies; no need to compute anything. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27Set the character set when connecting to mysqlFlorian Pritz1-0/+2
We should not rely on the default server setting staying the same forever. Signed-off-by: Florian Pritz <bluewind@server-speed.net> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27Define "Packages.SubmitterUID" and "Packages.MaintainerUID" as "NULL".Lukas Fleischer2-4/+4
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27Define "PackageComments.DelUsersID" as "NULL".Lukas Fleischer1-2/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-23Protect users against ZIP bombs (fixes FS#22991).Lukas Fleischer1-0/+5
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-23Add a per-user session limit (fixes FS#12898).Lukas Fleischer2-1/+18
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-22Add ability to search for non-out-of-date packages (fixes FS#17896).Lukas Fleischer1-1/+6
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21Fix typo in "web/lib/pkgfuncs.inc".Wieland Hoffmann1-2/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21Make persistent cookie timeout configurable via "config.inc" (FS#22994).Lukas Fleischer2-1/+5
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21Automatically adopt when updating an orphan package (fixes FS#22992).Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-20Release 1.8.0.Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-17pkg_search_results: rewrite of paginationPyroPeter1-0/+26
* Most of the PHP-code was moved to pkgfuncs.php to keep the template simple. Signed-off-by: PyroPeter <abi1789@googlemail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-11Add a package name blacklist.Lukas Fleischer1-0/+23
Can be used to blacklist package names for normal users. TUs and developers are not affected. This is especially useful if used together with a cron job that updates the blacklist periodically, e.g. to reject packages which are available in the binary repos (FS#12902). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-09Minor bugfix in pkg_change_category().Lukas Fleischer1-1/+1
This cleans up some broken MySQL query introduced by commit 57a5cbfd. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-01Drop PackageLocations table and referencesDan McGee3-69/+18
We don't need this anymore since all packages managed here are well...managed here. Rip out all of the places we were using this field, many of which depended on the magic value '2' anyway. On the display side of things, we had a column that was always showing 'unsupported' that is now gone, and you can no longer sort by this column. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-28aurjson: Escape wildcards in "LIKE" patterns (fixes FS#18626).Lukas Fleischer1-0/+1
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE", so we need to deal with them separately. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-25Replaced rm_rf() by rm_tree().Lukas Fleischer1-3/+15
Implemented recursive directory deletion in PHP properly without the use of exec(). This improves security, performance and portability and makes the code compatible with PHP's Safe Mode as well as with PHP setups that disable exec() using the "disable_functions" directive. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-24Build URLs from package names (fixes FS#15308, FS#19327).Lukas Fleischer1-4/+17
Drop the "URLPath" field from the "Packages" table, build URLs from package names instead. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-19Make external links in comments clickable (FS#20137).Lukas Fleischer1-0/+24
Comments are now split at link boundaries and links are converted separately. I find this to be a much cleaner way than re-converting comments that have already been converted using htmlspecialchars(). This also doesn't require any callback procedure. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-12-04Add Danish translationJacob Bang1-0/+1
Signed-off-by: Laszlo Papp <djszapi@archlinux.us> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-11-21Auto redirect from confirmation screens.Dan Vratil1-0/+86
Finally move comment deletion and category editing into functions and remove pkgedit.php Signed-off-by: Loui Chang <louipc.ist@gmail.com> -Fix indentation -Fix variable naming conflict $id vs $cid
2010-11-10Add timestamp when a package is flagged out-of-date (FS#20848).Lukas Fleischer3-6/+11
Signed-off-by: Loui Chang <louipc.ist@gmail.com> - resolve conflict and omit i18n changes.
2010-10-09acctfuncs: Make message translatable.Loui Chang1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-10-02Fixing XSS vulnerabilityViktor Leonhardt1-15/+15
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-09-19Version 1.7.0Loui Chang1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-08-08Add Hebrew translation.Netanel Shine1-0/+1
Signed-off-by: Netanel Shine <netanelshine@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-07-23Header and navbar consistent with Arch site redesignDenis Kobozev1-0/+8
-- Loui Chang Change is_tu to check_user_privileges Change div#archdev-navbar style Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-07-01Confirmation when deleting packagesLukas Fleischer1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-06-16aur.inc: generate_salt() now uses mt_rand()Linas1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-06-04Add sorting by "Voted" and "Notify" fieldsLukas Fleischer1-6/+20
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-04-17Support for storing salted passwordsDenis2-20/+69
To upgrade existing databases: ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT ''; Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-04-15pkg_comments: Only display 10 comments by default.Loui Chang1-4/+25
Add a mechanism to view all comments. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-04-15add search only by nameAndrea Scarpino1-2/+8
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-03-29remove empty To field (FS#17584)Andrea Scarpino1-2/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-03-15Turn on package notification for adopted packagesAndrea Scarpino1-0/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-03-10add link to account profile in out-of-date notificationAndrea Scarpino1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-02-21acctfuncs: Fix some whitespace and formatting.Loui Chang1-40/+36
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-01-09Remove useless or redundant code for translations.Loui Chang2-10/+3
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-01-09translator.inc: Remove old and deprecated code.Loui Chang1-23/+6
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-01-08Make DEFAULT_LANG mean the default language for displayed messages.Athurg Gooth3-11/+13
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-12-26config.inc.proto: Change default paths to a more logical place.Loui Chang1-2/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>