summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-04-23Render comments when storing them in the databaseLukas Fleischer9-4/+107
Instead of converting package comments from plain text to HTML code when they are displayed, do the conversion when the comment is posted and store the rendered result in the database. The conversion itself is done by a Python script which uses Bleach for sanitizing the text. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-20Use JavaScript to collapse long commentsLukas Fleischer3-6/+36
Instead of using CSS to limit the height of package comments as implemented in 7b13203 (Limit comment height to 15 lines, 2016-03-12), use JavaScript to collapse long comments and add a link to expand them. Clicking the same link twice results in the corresponding comment being collapsed again. If JavaScript is disabled, the full comments are shown (without any possibility to collapse or expand). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-19Store dependency descriptions in a separate columnLukas Fleischer5-35/+28
Split optional dependency descriptions from dependency names before storing them in the database and use a separate column to store the descriptions. This allows us to simplify and optimize the SQL queries in pkg_dependencies() as well as pkg_required(). Suggested-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-18Check return value of get_extended_fields()Lukas Fleischer1-1/+4
Make sure that the get_extended_fields() invocation succeeded before merging regular and extended fields in process_query(). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-18Check query return value in db_cache_value()Lukas Fleischer1-0/+3
Instead of unconditionally calling fetch on the return value of query(), error out early if the value evaluates to false. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-18Check query return value in search_results_page()Lukas Fleischer1-2/+5
Instead of unconditionally calling fetch on the return value of query(), error out early if the value evaluates to false. Also, make sure that the results array is always initialized, even if the result set is empty. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-18Check query return value in pkgbase_user_notify()Lukas Fleischer1-4/+3
Instead of unconditionally calling fetch on the return value of query(), error out early if the value evaluates to false. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-16schema: Fix invalid NULL on primary keyFlorian Pritz1-1/+1
>From the mysql 5.7 breaking change page: Columns in a PRIMARY KEY must be NOT NULL, but if declared explicitly as NULL produced no error. Now an error occurs. For example, a statement such as CREATE TABLE t (i INT NULL PRIMARY KEY) is rejected. The same occurs for similar ALTER TABLE statements. (Bug #13995622, Bug #66987, Bug #15967545, Bug #16545198) References: http://stackoverflow.com/a/22314073 Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-16schema: Remove invalid default values for TEXT columnsFlorian Pritz1-4/+4
When running in strict mode, mysql throws an error upon encountering these definitions since they are not supported. References: https://dev.mysql.com/doc/refman/5.7/en/data-type-defaults.html Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-12Add TESTING instructions for web interfaceMark Weiman2-0/+40
Add instructions to test aurweb's web interface via the PHP built-in web server. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-06git-update: Check for missing pkgname entriesLukas Fleischer1-0/+3
Reject commits containing .SRCINFO files without any pkgname entries. Suggested-by: Bruno Pagani <bruno.n.pagani@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-03-09Release 4.5.1v4.5.1Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-03-09Translation updates from TransifexLukas Fleischer7-151/+196
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-03-04index.php: Remove routes for dropped imagesLukas Fleischer1-3/+0
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-03-03test/setup.sh: Error out on missing SQLite schemaLukas Fleischer1-1/+3
Instead of making all tests fail, error out during initialization if the SQLite schema has not been generated. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-03-02account_delete.php: Fix variable nameLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-03-01gendummydata.py: Fix to make it less db specificMark Weiman1-6/+9
Sqlite3 does not support the MD5 function like MySQL does, instead of the database program hash the passwords, have Python's hashlib module do it instead. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-03-01Fix quote for Source column defaultMark Weiman1-1/+1
Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-03-01Add a Makefile to build an SQLite-compatible schemaLukas Fleischer3-10/+18
Allow for automatically converting the schema into a schema that works with SQLite by running `make` from the schema/ subdirectory. Use the new Makefile in the test suite. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-03-01aur-schema.sql: Do not recreate the databaseLukas Fleischer1-3/+0
Modify the schema such that it only creates the necessary tables, indices and predefined data. This makes it easier to import the schema into a database with a name other than "AUR". Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-28pkgbase.php: Fix PHP noticeLukas Fleischer1-3/+2
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-28pkgbase.php: Squelch PHP warningLukas Fleischer1-13/+19
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-28account.php: Always initialize $successLukas Fleischer1-0/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27Squelch warning in pkgbase_vote()Lukas Fleischer1-13/+17
Do not trigger a PHP warning if there are no votes to be added or removed. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27flag_comment.php: Hide comment for unflagged packagesLukas Fleischer1-0/+2
Only show the comment paragraph if the package base is actually flagged out-of-date. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27Remove bogus if-statement from pkgbase_delete()Lukas Fleischer1-9/+7
The variable $action is always undefined in pkgbase_delete() which makes the if-statement always true and triggers a warning whenever a package base is removed. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27Fix SQL query to retrieve language settingLukas Fleischer1-3/+5
In commit e171f6f (Migrate all DB code to use PDO, 2012-08-08), PDOStatement::fetchAll() was introduced as a drop-in replacement for mysql_fetch_array(). However, PDOStatement::fetchAll() returns a list of all results while mysql_fetch_array() returns a single result only. Instead of adding the missing indirection, simplify the code by using PDO::fetchColumn(). Also add some safeguards to prevent warnings if the result set returned by the query is empty. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27Fix warning with invalid time zoneLukas Fleischer1-0/+3
The SQL query retrieving the time zone from the database may return an empty result set if the session timeout was reached. Handle such cases gracefully by leaving the timezone variable unset. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27Fix more warnings occurring with unset SSH keysLukas Fleischer1-2/+8
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27pkgflag.php: Remove stray variableLukas Fleischer1-1/+1
Drop the fragment part of the redirection code which is an artifact of the original code copy-pasted in commit ca954fe (Do not redirect when showing errors during flagging, 2015-10-21). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27404.php: Squelch warning on empty PATH_INFOLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27Suppress warning on unset SSH keyLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27Do not quote legacy variableLukas Fleischer1-1/+0
The $salt variable is no longer needed as of 29a4870 (Use bcrypt to hash passwords, 2017-02-24). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27Always use source_file_uri instead of pkgbuild_uriLukas Fleischer1-1/+1
The pkgbuild_uri option was replaced by source_file_uri in 9df1bd5 (Add direct links to each source file, 2017-02-12). Change one remaining reference to pkgbuild_uri accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27Fix SQL query used for creating new accountsLukas Fleischer1-1/+1
Fixes a regression introduced in 608c483 (Add user set timezones, 2017-01-20). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-26Merge branch 'master' into maintLukas Fleischer80-971/+2813
2017-02-26Release 4.5.0v4.5.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-26Translation updates from TransifexLukas Fleischer29-355/+1536
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-25Update message catalogLukas Fleischer1-1/+5
2017-02-25pkgreq_results.php: Hide empty tableLukas Fleischer1-0/+4
Display a message that no requests matched the filter criteria instead of showing an empty package requests table. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-24Use bcrypt to hash passwordsLukas Fleischer5-146/+68
Replace the default hash function used for storing passwords by password_hash() which internally uses bcrypt. Legacy MD5 hashes are still supported and are immediately converted to the new format when a user logs in. Since big parts of the authentication system needed to be rewritten in this context, this patch also includes some simplification and refactoring of all code related to password checking and resetting. Fixes FS#52297. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-24Fix user name in disown notificationsLukas Fleischer1-3/+3
Do not overwrite the $uid variable when updating co-maintainers. Fixes FS#52225. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-23Update message catalogLukas Fleischer1-11/+59
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-23Add security tracker into navbarMorten Linderud2-0/+2
Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15Fix several PHP short open tagsLukas Fleischer7-7/+7
Use "<?=" instead of "<?" for printing. Fixes a regression introduced in a9048bb (Dedupe translatable strings, 2015-11-25). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15pkgbase.php: Add default titleLukas Fleischer1-1/+1
Instead of triggering a PHP warning and using an empty title if no package base is specified, use a default title. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15Hide old requests from the dashboardLukas Fleischer2-1/+4
Only show package requests created less than 6 months ago on the dashboard. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15Add a parameter to skip old requests to pkgreq_list()Lukas Fleischer1-5/+12
Allow for hiding requests which were opened before a given time stamp. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-14Make aurjson error messages consistentMichael Straube1-2/+2
All error messages in aurjson except two end with a period. Add the missing periods to make the messages consistent. Signed-off-by: Michael Straube <straubem@gmx.de> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-12Add direct links to each source fileJanne Heß3-5/+7
Currently, each source file which is an external link (http://, https://, ...) is a clickable link. This commit extends the behaviour by making files from the repository clickable as well. The link brings the user to the corresponding cgit page. Also, the link to the PKGBUILD is altered to make the configuration more consistent. Signed-off-by: Janne Heß <jannehess@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>