summaryrefslogtreecommitdiff
path: root/web/lib
AgeCommit message (Collapse)Author
2011-03-04Add action lookup helper functionDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Ensure all package ID values are coerced to integersDan McGee
We don't need mysql_real_escape_string(), we need valid integer conversions. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Vastly simplify pkg_delete functionDan McGee
Since only TUs/Devs can delete packages, we can remove almost all checks except the account type check. And now that our DB uses foreign keys, all of the other deletes happen implicitly when a package is deleted so we don't need to take care of it here. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Ensure users can be deleted when foreign keys are presentDan McGee
This change is necessary to prevent this: mysql> delete from Users where ID = 112; ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`aur`.`Packages`, CONSTRAINT `Packages_ibfk_2` FOREIGN KEY (`SubmitterUID`) REFERENCES `Users` (`ID`) ON DELETE NO ACTION) As a bonus, due to foreign keys, orphaning of packages will be automatic. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Improve cookie handlingDan McGee
* Remove comment that is mostly bogus- the domain is automatically set. * When logging out, don't delete the language cookie. * Make the language cookie persistent. * Use the minimal time possible to expire cookies; no need to compute anything. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27Set the character set when connecting to mysqlFlorian Pritz
We should not rely on the default server setting staying the same forever. Signed-off-by: Florian Pritz <bluewind@server-speed.net> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27Define "Packages.SubmitterUID" and "Packages.MaintainerUID" as "NULL".Lukas Fleischer
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27Define "PackageComments.DelUsersID" as "NULL".Lukas Fleischer
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-23Protect users against ZIP bombs (fixes FS#22991).Lukas Fleischer
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-23Add a per-user session limit (fixes FS#12898).Lukas Fleischer
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-22Add ability to search for non-out-of-date packages (fixes FS#17896).Lukas Fleischer
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21Fix typo in "web/lib/pkgfuncs.inc".Wieland Hoffmann
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21Make persistent cookie timeout configurable via "config.inc" (FS#22994).Lukas Fleischer
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21Automatically adopt when updating an orphan package (fixes FS#22992).Lukas Fleischer
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-20Release 1.8.0.1.8.0Lukas Fleischer
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-17pkg_search_results: rewrite of paginationPyroPeter
* Most of the PHP-code was moved to pkgfuncs.php to keep the template simple. Signed-off-by: PyroPeter <abi1789@googlemail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-11Add a package name blacklist.Lukas Fleischer
Can be used to blacklist package names for normal users. TUs and developers are not affected. This is especially useful if used together with a cron job that updates the blacklist periodically, e.g. to reject packages which are available in the binary repos (FS#12902). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-09Minor bugfix in pkg_change_category().Lukas Fleischer
This cleans up some broken MySQL query introduced by commit 57a5cbfd. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-01Drop PackageLocations table and referencesDan McGee
We don't need this anymore since all packages managed here are well...managed here. Rip out all of the places we were using this field, many of which depended on the magic value '2' anyway. On the display side of things, we had a column that was always showing 'unsupported' that is now gone, and you can no longer sort by this column. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-28aurjson: Escape wildcards in "LIKE" patterns (fixes FS#18626).Lukas Fleischer
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE", so we need to deal with them separately. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-25Replaced rm_rf() by rm_tree().Lukas Fleischer
Implemented recursive directory deletion in PHP properly without the use of exec(). This improves security, performance and portability and makes the code compatible with PHP's Safe Mode as well as with PHP setups that disable exec() using the "disable_functions" directive. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-24Build URLs from package names (fixes FS#15308, FS#19327).Lukas Fleischer
Drop the "URLPath" field from the "Packages" table, build URLs from package names instead. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-19Make external links in comments clickable (FS#20137).Lukas Fleischer
Comments are now split at link boundaries and links are converted separately. I find this to be a much cleaner way than re-converting comments that have already been converted using htmlspecialchars(). This also doesn't require any callback procedure. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-12-04Add Danish translationJacob Bang
Signed-off-by: Laszlo Papp <djszapi@archlinux.us> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-11-21Auto redirect from confirmation screens.Dan Vratil
Finally move comment deletion and category editing into functions and remove pkgedit.php Signed-off-by: Loui Chang <louipc.ist@gmail.com> -Fix indentation -Fix variable naming conflict $id vs $cid
2010-11-10Add timestamp when a package is flagged out-of-date (FS#20848).Lukas Fleischer
Signed-off-by: Loui Chang <louipc.ist@gmail.com> - resolve conflict and omit i18n changes.
2010-10-09acctfuncs: Make message translatable.Loui Chang
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-10-02Fixing XSS vulnerabilityViktor Leonhardt
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-09-19Version 1.7.01.7.0Loui Chang
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-08-08Add Hebrew translation.Netanel Shine
Signed-off-by: Netanel Shine <netanelshine@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-07-23Header and navbar consistent with Arch site redesignDenis Kobozev
-- Loui Chang Change is_tu to check_user_privileges Change div#archdev-navbar style Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-07-01Confirmation when deleting packagesLukas Fleischer
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-06-16aur.inc: generate_salt() now uses mt_rand()Linas
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-06-04Add sorting by "Voted" and "Notify" fieldsLukas Fleischer
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-04-17Support for storing salted passwordsDenis
To upgrade existing databases: ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT ''; Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-04-15pkg_comments: Only display 10 comments by default.Loui Chang
Add a mechanism to view all comments. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-04-15add search only by nameAndrea Scarpino
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-03-29remove empty To field (FS#17584)Andrea Scarpino
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-03-15Turn on package notification for adopted packagesAndrea Scarpino
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-03-10add link to account profile in out-of-date notificationAndrea Scarpino
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-02-21acctfuncs: Fix some whitespace and formatting.Loui Chang
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-01-09Remove useless or redundant code for translations.Loui Chang
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-01-09translator.inc: Remove old and deprecated code.Loui Chang
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-01-08Make DEFAULT_LANG mean the default language for displayed messages.Athurg Gooth
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-12-26config.inc.proto: Change default paths to a more logical place.Loui Chang
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-12-26fix mysql.sock pathAndrea Scarpino
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-13Add uid_from_email(), similar to uid_from_usernameEvangelos Foutras
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-10-27Add Greek Translationflamelab
Signed-off-by: flamelab <panosfilip@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-10-27Fix Croatian language code in config.inc.proto.Loui Chang
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-10-26Version Bump 1.6.01.6.0Loui Chang
Signed-off-by: Loui Chang <louipc.ist@gmail.com>