Age | Commit message (Collapse) | Author | Files | Lines |
|
Remove the password field from the account creation form and always send
a password reset request via e-mail instead. This ensures that only
users with valid e-mail addresses are able to login.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
If an empty password is passed during account registration, login for
the new user is disabled and a reset key is sent to the new user's
e-mail address so that they can set an initial password manually.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This allows for reusing reset key submission for other things, such as
sending an initial password reset code during account registration.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Connor Behan <connor.behan@gmail.com>
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This allows for adding a metadata file called ".AURINFO" to source
tarballs to overwrite specific PKGBUILD fields. .AURINFO files are
parsed line by line. The syntax for each line is "key = value", where
key is any of the following field names:
* pkgname
* pkgver
* pkgdesc
* url
* license
* depend
Multiple "depend" lines can be specified to add multiple dependencies.
This format closely matches the .PKGINFO format that is used for binary
packages in pacman/libalpm. It can be extended by field name prefixes or
sections to support split packages later.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Move all PKGBUILD field validations to a central location.
Also, change $pkgbuild[] to $new_pkgbuild[] in order to parse evaluated
PKGBUILD fields instead of raw ones.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Remove redundant filters -- single quotes are already removed in
$pkgbuild_new and we do not pass the package name to a shell
(additionally, the regular expression already checks for potentially
evil characters).
Also, move the $pkg_name extraction up to fix the split package check.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
We used a mixture of account type IDs and account type descriptions on
the account edit page. This resulted in the account type field always
defaulting to "Normal user" after an invalid form had been submitted.
Consistently use account type IDs to avoid this.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Since all database related functions will establish a connection
when needed, there is no need to pre-emptively try and establish
a database connection.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Large amount of boilerplate code that checks if a database
connection exists is useless now that the new connection method
automatically does the same check.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
All functions now have a database connection method that will use
the same database connection. This imitates the functionality of
passing a database connection as an argument and makes it redundant.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Uses the Singleton pattern to ensure all queries use the same
database connection that is released upon script completion.
All database connections should now be called with DB::connect() and
not db_connect().
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
|
|
An error message is printed when the number of affected rows is
0 for an edited account. A count of 0 doesn't imply an error,
only that no changes were made in the database.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
A suspended user can stay in active sessions. Introduce new function
delete_user_sessions to remove all open sessions for a specific user.
Allows suspensions to take effect immediately.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
The function is only determining whether a username is valid,
so it makes more sense to simply return a boolean value.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Occurs in the rare situation where a logged out user tries to POST
a CSRF token.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This is already done in header.php; doing this double will result
in & in title element
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Implements FS#33294
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Use Twitter Bootstrap JavaScript framework for typeahead support.
Add a new "suggest" JSON method, which returns the first 20
packages that match the beginning characters of a query.
canyonknight: Link format change, commit message
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
|
|
Supported languages are listed in their native language. Only Dutch is
in English. Translate reference into Dutch.
canyonknight: Commit message clarity
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
|
|
Currently, package flagging and unflagging takes place within the
pkg_flag() function. A bool is set to true or false depending on the
action.
Create new pkg_unflag() function with sole purpose of unflagging
and keep pkg_flag() in place. This split will be useful in the
overhaul of the notification system.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
A check is only done to verify a Trusted User isn't promoting their
account. An attacker can send tampered account type POST data to
change their "User" level account to a "Developer" account.
Add check so that all users cannot increase their own account
permissions.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Checks are in place to avoid users getting account editing forms
they shouldn't have access to. The appropriate checks before
editing the account in the backend are not in place.
This vulnerability allows a user to craft malicious POST data to
edit other user accounts, thereby allowing account hijacking.
Add a new flexible function can_edit_account() to determine if
a user has appropriate permissions. Run the permission check before
processing any account information in the backend.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Voter page token check takes place in the same way as other
existing token checks. Move the check for consistency.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Packages with multiple DepConditions are returned multiple
times in the "Required by" column.
Limit SQL results to distinct packages.
Fixes FS#32478
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Package names and dep conditions can be specially crafted for an XSS
attack. Properly sanitize these variables on the package details page.
In addition, avoid including dep conditions as part of a package link.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Use the routing library to build proper URIs instead of relying on the
"REQUEST_URI" server variable which can be manipulated and might return
bogus URIs.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Both get_pkg_uri() and get_user_uri() should always return root-relative
URLs -- do not prepend another "/".
Fixes FS#32460.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Make sure we always return root-relative URIs in get_pkg_uri() and in
get_user_uri() and prepend a slash ("/") if the virtual URL feature is
disabled.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Display a special error message if the package is identified as split
package.
Currently, the AUR displays a very vague error message when a split
package is submitted ("Invalid name: only lowercase letters are
allowed"). This often caused confusion among package submitters, see
FS#22834 and FS#32450.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Fixes FS#32455.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Fixes FS#32449.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Commit 091c2b5f5523773604699b914c19e6b02ce290bc introduced lower casing
to the language drop-down list. Revert this and use htmlspecialchars()
to escape language entries instead.
Addresses FS#32453.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Display an error page and return a 404 status code in the following
cases:
* An invalid package name is passed to the "packages" action.
* An invalid user name is passed to the "account" action.
* An invalid package action is passed.
* An invalid account action is passed.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Users are able to upload tarballs without a directory.
The directory count for a tarball is available, so use it to
display an error when there is not a single directory.
This patch has no effect on users who generate their uploaded
tarballs using makepkg. All other users must include a directory
in their tarball.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|