summaryrefslogtreecommitdiff
path: root/web/html
AgeCommit message (Expand)Author
2012-06-24Implement token system to fix CSRF vulnerabilitiescanyonknight
2011-10-25Wrap mysql_real_escape_string() in a functionLukas Fleischer
2011-09-05web/html/pkgsubmit.php: Deal with unset category IDLukas Fleischer
2011-08-12Use secure and httponly session cookiesLukas Fleischer
2011-08-11Use 'true' instead of 'True' everywhereDan McGee
2011-08-11Make package creation and update atomicDan McGee
2011-08-11Allow for merging deleted packages into existing onesLukas Fleischer
2011-08-11Rename package_exists() to pkgid_from_name()Lukas Fleischer
2011-08-10Segment the upload directory by package name prefixDan McGee
2011-07-29Fix empty depends database insertLukas Fleischer
2011-06-28Replace split() invocations with explode()Lukas Fleischer
2011-06-25Honor epoch field in PKGBUILD files.Slavi Pantaleev
2011-06-22rename *.inc files to *.inc.php and adjust imports and referenceselij
2011-06-22make rss.php use the apc cache instead of a cache fileelij
2011-05-29Cleanup RPC usage output a bitLukas Fleischer
2011-05-29Properly encode ampersands in the RPC usage outputLukas Fleischer
2011-05-29fix two issues (php notice level) with html/rss.phpelij
2011-05-29restructure the html/rpc.php endpointelij
2011-05-17test return value from db_query before assuming it is validelij
2011-04-27create variable before referencing it with .=elij
2011-04-27SQL: treat all UID/ID values as numbers, not stringsDan McGee
2011-04-27SQL: use standard LIMIT/OFFSET syntaxDan McGee
2011-04-24pkgsubmit.php: Ensure the session is linked to a valid user.Lukas Fleischer
2011-04-24pkgsubmit.php: Remove redundant uid_from_sid() invocations.Lukas Fleischer
2011-04-19Use HTTPs for links in password reset confirmation mails.Lukas Fleischer
2011-04-16rpc: introduce multiinfo query (fixes FS#17583)Dan McGee
2011-04-13Remove "New Package Notify" option from user account settings.Lukas Fleischer
2011-04-05Remove File_Find PEAR module from code base.Lukas Fleischer
2011-04-04Fix PHP warning when browsing a non-existent package.Lukas Fleischer
2011-04-03Remove Dummy Package conceptDan McGee
2011-04-03Always set ModifiedTS including new packagesDan McGee
2011-04-03Submission process code refactorDan McGee
2011-03-30Be more restrictive with source tarball contents.Lukas Fleischer
2011-03-30Fix PHP notice when submitting an empty file.Lukas Fleischer
2011-03-30Fix strict standards warnings in "web/html/pkgsubmit.php".Lukas Fleischer
2011-03-30Check if submitted files are in GZIP format.Lukas Fleischer
2011-03-30Fix XSS vulnerabilities in "web/html/voters.php".Lukas Fleischer
2011-03-30Fix PHP undefined notice in "web/html/packages.php".Lukas Fleischer
2011-03-11Fix broken XHTML.Lukas Fleischer
2011-03-10More PHP Notice undefined fixupsDan McGee
2011-03-04Fix PHP notices in account pagesDan McGee
2011-03-04Add action lookup helper functionDan McGee
2011-03-04Improve cookie handlingDan McGee
2011-03-01Fix potential injection vulnerabilityDan McGee
2011-02-27Define "Packages.SubmitterUID" and "Packages.MaintainerUID" as "NULL".Lukas Fleischer
2011-02-25Reject blacklisted packages on initial submission only.Lukas Fleischer
2011-02-23Protect users against ZIP bombs (fixes FS#22991).Lukas Fleischer
2011-02-21Reject packages with subdirectories (fixes FS#22995).Lukas Fleischer
2011-02-21Automatically adopt when updating an orphan package (fixes FS#22992).Lukas Fleischer
2011-02-21Use move_uploaded_file() instead of rename() in "pkgsubmit.php".Lukas Fleischer