Age | Commit message (Collapse) | Author | Files | Lines |
|
Although we don't allow unauthenticated users to post content, we should
still cover our bases here and ensure people can't inject stuff into the
production website via an inadvertent XSS.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Thanks for your silly files, OS X.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Class-based selectors make sense here, we don't need the table tag too.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Use ID-only rules, etc.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This simplifies a lot of the CSS and brings it in line with
recommendations to use ID-based selectors when possible.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This belongs in HTTP headers, not here.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
The relative path to the logo PNG image wasn't correct, and too much of
the other styles got deleted when removing the IE6 compatibility shim.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Move to the 1.4.2 Django security release, and update django-countries
to 1.4.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
We don't need this anymore.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
It is silly to have to load an external resource when we can simply cram
all of this in the same single stylesheet used for the site.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This hasn't been updated in ages, and who is printing out pages from the
website anyway?
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Make them a bit more efficient by adding an explicit condition on both
the packages and signoff table for the repo ID, and move the common code
into a shared function both can use.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
In the architecture agnostic case, this error is much more likely to
happen, so printing it like an error message is deceiving.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This removes the subplan and per-row query in favor of a LEFT JOIN where
we look for non-matching rows. Tested in sqlite3 and PostgreSQL.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
We don't need the full mirror log objects; we just need a very small
subset of values from them here to do the required math and object
building.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Commit 1decbc079ff8ab9798cef0ca02310357f8f4ba0c "JSLint suggested script
cleanups" mistakenly removed the closing brace and parenthesis of a
jQuery .each() call, along with a following comment.
This commit brings back the two removed lines.
Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Apparantly 'project=99' is not the correct way to do this; 'project=0'
is. Flip the links so they all use the new form. FS#31561.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This covers more .php pages noticed in Google webmaster tools, as well
as some links to former documentation.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Just like we did with the rows of depends and required by, collapse down
conflicts, provides, etc. comma-separated lists if they grow too large.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Upstream Django bug #2713 was fixed in
https://github.com/django/django/commit/123f567093, so we can now enable
caching of sitemaps.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
* Output the blank string when passed None for pkg argument
* Allow override of the link text if optional argument passed
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Now that some users see staging packages and others do not, we need to
be more careful about what variables the fragment depends on.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Now that we do updates on the fly and not just once an hour, we can
afford to show a bit more granularity here.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This reverts 3530303c9a7d now that we have reasonably hidden most
staging package confusion on the site for normal end users.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
* Select arch and repo related models as we need the name off each
* Only select the fields we actually need from the database
* Exclude [staging] packages
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This is for users that aren't logged in; developers will still see them.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This is temporary or at least a quick way to ensure regular users aren't
confused by staging packages; later updates should re-enable display of
this for logged in developers and trusted users.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This is temporary until we do more work to ensure staging packages don't
show up and confuse regular users of the web interface.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This doesn't prevent unauthenticated users from accessing the feeds, but
it should reduce clutter and confusion on the feeds index page for users
unlikely to need these feeds.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This assumption was baked into the Twitter bootstrap JS; kill it so it
is still easy to do a freeform search if wanted.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This uses the existing OpenSearch query endpoint to perform the search
and displays the results accordingly.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|