summaryrefslogtreecommitdiffstats
path: root/web/template/actions_form.php
AgeCommit message (Collapse)AuthorFilesLines
2012-07-14Merge branch 'maint'Lukas Fleischer1-0/+1
Conflicts: web/html/account.php web/html/addvote.php web/html/pkgsubmit.php web/lib/acctfuncs.inc.php web/template/actions_form.php web/template/pkg_comment_form.php web/template/pkg_comments.php web/template/pkg_details.php web/template/pkg_search_results.php web/template/tu_details.php
2012-07-06action_form.php: Pull out DB codecanyonknight1-24/+8
* Create new functions in pkgfuncs.inc.php with SQL queries from action_form.php * Centralization of DB code important in a future transition to PDO interface * Flip logic of vote and notify XHTML button to use function return rather than a more confusing NOT (!) logical operator statement Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06actions_form.php: Overhaul to match archwebcanyonknight1-48/+41
* Change all CSS to match archweb * General clean-up of XHTML formatting * Change control structures to use PHP alternative syntax for better readability with inter-mixed XHTML Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-06-24Implement token system to fix CSRF vulnerabilitiescanyonknight1-0/+1
Specially crafted pages can force authenticated users to unknowingly perform actions on the AUR website despite being on an attacker's website. This cross-site request forgery (CSRF) vulnerability applies to all POST data on the AUR. Implement a token system using a double submit cookie. Have a hidden form value on every page containing POST forms. Use the newly added check_token() to verify the token sent via POST matches the "AURSID" cookie value. Random nature of the token limits potential for CSRF. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-08-11Allow for merging deleted packages into existing onesLukas Fleischer1-0/+2
Merge all comments and votes of deleted packages into another package if the "Merge with" field is used. Duplicate votes (votes from a user who already voted on the target package or voted on more than one of the deleted packages) are discarded. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-05-17test return value from db_query before assuming it is validelij1-23/+29
make the sql query form consistent in usage by cleaning up instances where db_query's result was not inspected before attempting to fetch row data from the handle Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-11Fix broken XHTML.Lukas Fleischer1-12/+13
Fix a lot of invalid XHTML in the templates and actions. There might still be some legacy code left, but this should cover most of it. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27Define "Packages.SubmitterUID" and "Packages.MaintainerUID" as "NULL".Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-11-10Add timestamp when a package is flagged out-of-date (FS#20848).Lukas Fleischer1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com> - resolve conflict and omit i18n changes.
2010-07-01Confirmation when deleting packagesLukas Fleischer1-0/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-25Move package comment form into a new template.Loui Chang1-6/+0
Feature the form on the package details page. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-23Move actions form into template.Loui Chang1-0/+60
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.44.0) at 2024-07-13 02:42:28 +0000