Age | Commit message | Author | Files | Lines
2011-03-01 | Fix potential injection vulnerability | Dan McGee | 1 | -2/+7
We trusted the values we pulled out of the IDs array and never coerced them to integers, passing them to the backend unescaped and uncasted. Ensure they are treated as integers only and validate the resulting value is > 0. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-28 | AUTHORS: Move Callan from "Current Maintainers" to "Contributors". | Lukas Fleischer | 1 | -1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-28 | AUTHORS: Rename "Current Contributors" to "Current Maintainers". | Lukas Fleischer | 1 | -1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-28 | Remove database recreation code from "support/schema/reloadtestdb.sh". | Lukas Fleischer | 1 | -6/+0
Database is being dropped and recreated in the schema, so there's no need to do this in "reloadtestdb.sh" as well. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-28 | Specify utf8 in database schema. | Loui Chang | 1 | -4/+4
Signed-off-by: Loui Chang <louipc.ist@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27 | Add note on merging "web/lib/config.inc.proto" to "UPGRADING". | Lukas Fleischer | 1 | -0/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27 | Fix some minor bugs in "support/schema/gendummydata.py". | Lukas Fleischer | 1 | -2/+2
The dummy data generation script used to create wrong package IDs for both "PackageVotes" and "PackageDepends" tables which led to errors when reloading the test data (constraints failed). This is fixed by no longer creating entries with zero ("0") package IDs. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27 | Set the character set when connecting to mysql | Florian Pritz | 1 | -0/+2
We should not rely on the default server setting staying the same forever. Signed-off-by: Florian Pritz <bluewind@server-speed.net> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27 | Add "ENGINE = InnoDB" to "CREATE TABLE" statements in the SQL schema. | Lukas Fleischer | 1 | -13/+13
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27 | Define "Packages.SubmitterUID" and "Packages.MaintainerUID" as "NULL". | Lukas Fleischer | 8 | -10/+20
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27 | Add note on upgrading from MyISAM to InnoDB to "UPGRADING". | Lukas Fleischer | 1 | -0/+24
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27 | Define "PackageComments.DelUsersID" as "NULL". | Lukas Fleischer | 3 | -3/+6
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-26 | Add missing foreign keys and constraints to the DB. | Lukas Fleischer | 2 | -5/+37
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-26 | Use a real sync algorithm in aurblup (fixes FS#23039). | Lukas Fleischer | 1 | -37/+101
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-25 | Reject blacklisted packages on initial submission only. | Lukas Fleischer | 1 | -9/+9
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-23 | Protect users against ZIP bombs (fixes FS#22991). | Lukas Fleischer | 2 | -0/+17
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-23 | Add a per-user session limit (fixes FS#12898). | Lukas Fleischer | 2 | -1/+18
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-22 | Add ability to search for non-out-of-date packages (fixes FS#17896). | Lukas Fleischer | 2 | -6/+20
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21 | Reject packages with subdirectories (fixes FS#22995). | Lukas Fleischer | 1 | -0/+3
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21 | Fix typo in "web/lib/pkgfuncs.inc". | Wieland Hoffmann | 1 | -2/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21 | Make persistent cookie timeout configurable via "config.inc" (FS#22994). | Lukas Fleischer | 2 | -1/+5
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21 | Automatically adopt when updating an orphan package (fixes FS#22992). | Lukas Fleischer | 2 | -6/+8
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21 | Use move_uploaded_file() instead of rename() in "pkgsubmit.php". | Lukas Fleischer | 1 | -1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-20 | Release 1.8.0. (1.8.0) | Lukas Fleischer | 1 | -1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-18 | Add myself to "AUTHORS". | Lukas Fleischer | 1 | -0/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-18 | "TODO" cleanup. | Lukas Fleischer | 1 | -6/+0
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-18 | Support for languages written right-to-left | PyroPeter | 3 | -16/+46
Signed-off-by: PyroPeter <abi1789@googlemail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-18 | pkg_search_results: replace blind-table with floating divs | PyroPeter | 3 | -61/+72
* I tried to remove errors in the sgml-structure e.g.:
  <div> <?php if (foo) { ?> </div> <?php } ?>
* I did not remove or add code (except the <table> and <div> stuff, of course). I only changed the order of the html/php-tags.
* The bottom and top of the script are now properly indented. I did not indent the middle part (table of search results) because that would render the diff completely useless.
Signed-off-by: PyroPeter <abi1789@googlemail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-17 | pkg_search_results: rewrite of pagination | PyroPeter | 3 | -69/+46
* Most of the PHP-code was moved to pkgfuncs.php to keep the template simple. Signed-off-by: PyroPeter <abi1789@googlemail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-15 | Add note on InnoDB compatibility to "UPGRADING". | Lukas Fleischer | 1 | -0/+6
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-11 | Add note about aurblup to "UPGRADING". | Lukas Fleischer | 1 | -0/+18
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-11 | Update aurblup "README". | Lukas Fleischer | 1 | -1/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-11 | Use VARCHAR instead of CHAR in "PackageBlacklist" table. | Lukas Fleischer | 2 | -2/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-11 | Add support for MySQL transactions to aurblup. | Lukas Fleischer | 2 | -0/+19
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-11 | Fix typos in aurblup source and "README". | Lukas Fleischer | 2 | -3/+3
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-11 | Add packages' provides and replaces to the blacklist in aurblup. | Lukas Fleischer | 1 | -11/+27
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-11 | Fix memory leak in aurblup. | Lukas Fleischer | 1 | -0/+3
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-11 | Add AUR package blacklist updater (aurblup). | Lukas Fleischer | 6 | -0/+303
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-11 | Add a package name blacklist. | Lukas Fleischer | 4 | -0/+47
Can be used to blacklist package names for normal users. TUs and developers are not affected. This is especially useful if used together with a cron job that updates the blacklist periodically, e.g. to reject packages which are available in the binary repos (FS#12902). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-10 | Remove unused fulltext index from "Packages" table. | Lukas Fleischer | 2 | -2/+9
Drop fulltext indexes, which prevent the use of InnoDB, from "Packages" table. All search routines use "LIKE" patterns, so fulltext search has actually never been used. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-09 | Minor bugfix in pkg_change_category(). | Lukas Fleischer | 1 | -1/+1
This cleans up some broken MySQL query introduced by commit 57a5cbfd. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-09 | Use VARCHAR instead of CHAR where appropriate. | Lukas Fleischer | 2 | -14/+30
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-08 | Show submitter in package details (fixes FS#15488). | Lukas Fleischer | 1 | -0/+11
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-02 | Minor variable parser bug fix (cf. commits 492c8c66, 7a58e99e). | Lukas Fleischer | 1 | -1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-02 | Parse versioned deps correctly when using "<" or ">" (fixes FS#22679). | Lukas Fleischer | 1 | -2/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-01 | Drop "PackageContents" table and references. | Lukas Fleischer | 3 | -40/+1
We don't even touch source tarballs anymore - except for extracting the PKGBUILD, so this is no longer needed. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-01 | Remove "FSPath" column from "Packages" table. | Lukas Fleischer | 3 | -7/+4
This field is not used anymore, so drop it from the table and remove all references. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-01 | Improve PKGBUILD variable parser correctness (cf. commit 492c8c66). | Lukas Fleischer | 1 | -4/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-01 | Drop PackageLocations table and references | Dan McGee | 11 | -189/+62
We don't need this anymore since all packages managed here are well...managed here. Rip out all of the places we were using this field, many of which depended on the magic value '2' anyway. On the display side of things, we had a column that was always showing 'unsupported' that is now gone, and you can no longer sort by this column. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-28 | Avoid infinite loop in PKGBUILD variable parser (fixes FS#19482). | Lukas Fleischer | 1 | -9/+17
Improves variable substitution in the PKGBUILD parser a bit to avoid infinite replacement loops when a PKGBUILD contains assignments of the form "foo=${foo[@]}bar". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>