path: root/web/html/packages.php
Age | Commit message | Author | Files | Lines
2012-09-18 | Fix category selection | Lukas Fleischer | 1 | -1/+1
Add a package ID parameter to pkg_change_category() instead of relying on the "ID" or "N" GET parameters. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18 | Do not set GET parameters in the routing framework | Lukas Fleischer | 1 | -11/+14
Setting GET parameters manually is bad style and causes some strange side effects when using virtual URLs and mkurl(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-14 | Merge branch 'maint' | Lukas Fleischer | 1 | -34/+36
Conflicts:
    web/html/account.php
    web/html/addvote.php
    web/html/pkgsubmit.php
    web/lib/acctfuncs.inc.php
    web/template/actions_form.php
    web/template/pkg_comment_form.php
    web/template/pkg_comments.php
    web/template/pkg_details.php
    web/template/pkg_search_results.php
    web/template/tu_details.php
2012-06-24 | Implement token system to fix CSRF vulnerabilities | canyonknight | 1 | -34/+36
Specially crafted pages can force authenticated users to unknowingly perform actions on the AUR website despite being on an attacker's website. This cross-site request forgery (CSRF) vulnerability applies to all POST data on the AUR. Implement a token system using a double submit cookie. Have a hidden form value on every page containing POST forms. Use the newly added check_token() to verify the token sent via POST matches the "AURSID" cookie value. Random nature of the token limits potential for CSRF. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-05-06 | web/html/packages.php: Remove duplicate code | Lukas Fleischer | 1 | -14/+10
Retrieve the package ID early and merge the if-branches calling package_details(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-24 | Support canonical links to packages | Lukas Fleischer | 1 | -0/+14
This is more user-friendly than supporting package IDs only and can be used as a basis to support direct links to AUR packages in places where links are computer-produced (e.g. Wiki templates). Addresses FS#21600 and FS#28839. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-08-11 | Use 'true' instead of 'True' everywhere | Dan McGee | 1 | -3/+3
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-08-11 | Allow for merging deleted packages into existing ones | Lukas Fleischer | 1 | -2/+14
Merge all comments and votes of deleted packages into another package if the "Merge with" field is used. Duplicate votes (votes from a user who already voted on the target package or voted on more than one of the deleted packages) are discarded. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-06-22 | rename *.inc files to *.inc.php and adjust imports and references | elij | 1 | -4/+4
Lukas: Add note to "UPGRADING". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-04 | Fix PHP warning when browsing a non-existent package. | Lukas Fleischer | 1 | -4/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30 | Fix PHP undefined notice in "web/html/packages.php". | Lukas Fleischer | 1 | -1/+6
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-10 | More PHP Notice undefined fixups | Dan McGee | 1 | -1/+5
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04 | Add action lookup helper function | Dan McGee | 1 | -11/+11
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-01 | Fix potential injection vulnerability | Dan McGee | 1 | -2/+7
We trusted the values we pulled out of the IDs array and never coerced them to integers, passing them to the backend unescaped and uncasted. Ensure they are treated as integers only and validate the resulting value is > 0. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-11-21 | Auto redirect from confirmation screens. | Dan Vratil | 1 | -0/+4
Finally move comment deletion and category editing into functions and remove pkgedit.php
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
- Fix indentation
- Fix variable naming conflict $id vs $cid
2010-07-02 | Confirmation when deleting packages | Lukas Fleischer | 1 | -2/+7
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-03-13 | packages.php: Fix explicit sorting when search keywords aren't specified. | Loui Chang | 1 | -1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-03-12 | packages.php: Only sort by vote if search keyword isn't set. | Loui Chang | 1 | -1/+1
People entering explicit search terms would expect alphabetical order. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-12-16 | packages.php: Check if _GET value is set before assuming a default. | Loui Chang | 1 | -2/+4
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-12-15 | packages.php: Make default view sort packages by descending votes. | Loui Chang | 1 | -0/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-24 | Restyle the layout. | Loui Chang | 1 | -5/+5
Make HTML markup more logical. Remove some unused style sheets rules. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-08-11 | Use include_once where applicable | Dan McGee | 1 | -4/+4
All of these are sourcing function libraries so we don't need to include them more than once. Things that insert actual HTML into the output were left calling include(). Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-02-21 | Fix the comment poop bug. | Loui Chang | 1 | -3/+3
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-19 | Use new conglomerated translation files. | Loui Chang | 1 | -1/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-29 | Add search bar to index and pkg details pages | Callan Barrett | 1 | -0/+1
Also changed it around a little bit so it's not tied down the search results function Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-21 | Introduce function include_lang for translations. | Loui Chang | 1 | -3/+3
This includes only the requested language for each page and makes top level language include files obsolete. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-21 | Remove success messages after package functions | Callan Barrett | 1 | -32/+21
Just displays message at the top of the page of what happened (errors or not) and goes back to the same page Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-20 | Change behaviour of package functions to accept normal arrays | Callan Barrett | 1 | -4/+6
Package functions use a normal array of pkgids now and packages.php has been changed to accommodate for it Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-11-23 | Clean up packages.php and document new package functions | Callan Barrett | 1 | -29/+19
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-11-13 | Move package notification into a function. | Loui Chang | 1 | -45/+8
Also modify the way notification is done. Instead of toggling notification, users can explicitly notify or unnotify. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-10-30 | Convert package voting to a function | Callan Barrett | 1 | -106/+6
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-10-28 | Convert package adoption/disowning to a function | Callan Barrett | 1 | -94/+6
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-10-17 | Convert package deletion to a function | Callan Barrett | 1 | -86/+4
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-10-15 | Convert package flagging to a function | Callan Barrett | 1 | -95/+6
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-06-17 | Remove all vim mode lines. Add HACKING file. | Loui Chang | 1 | -1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-06-11 | Make use of PEAR packages in pkgsubmit.php | Callan Barrett | 1 | -10/+6
Uses File_Find and Archive_Tar in pkgsubmit.php Removes references to PackageContents Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-06-05 | Disable user package deletion | Callan Barrett | 1 | -3/+0
Users can no longer delete packages if they own them, only TUs and devs Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-03-27 | Remove references to AURMaintainerUID | Callan Barrett | 1 | -112/+82
This (should) get rid of anything to do with the unused column AURMaintainerUID in the scripts and schema files Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Simo Leone <simo@archlinux.org>
2008-03-23 | Revamped pkg_search_page() | Simo Leone | 1 | -3/+1
- Reduced database hits
- Improved speed
- Improved sanity (slightly)
- Fixed searches,buttons,gizmos
Signed-off-by: Simo Leone <simo@archlinux.org>
2008-03-23 | Fix weird title setting on search page | Callan Barrett | 1 | -1/+1
This is to fix FS#9610, pretty simple patch Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Simo Leone <simo@archlinux.org>
2008-01-23 | Removed QBUG and DBUG | Simo Leone | 1 | -9/+0
It was broken and hardly used. It's just as easy to add short print statements or logging if some debugging output is needed. Signed-off-by: Simo Leone <simo@archlinux.org>
2008-01-21 | Fix package detail action buttons | Simo Leone | 1 | -8/+8
Drop-down boxes broke them, now they work again. Yippee! Signed-off-by: Simo Leone <simo@archlinux.org>
2008-01-20 | Turn action bar into drop box | Callan Barrett | 1 | -14/+12
Moves the action bar down to the bottom right of the search results and turns it into a drop-down selection box. Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Simo Leone <simo@archlinux.org>
2008-01-20 | More cleanup, add TU link to header | Callan Barrett | 1 | -1/+1
Cleans up links on front page, adds a TU link to the header to the voting application, fixes some titles and styling for logged in text Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20 | Support for verbose page titles | Callan Barrett | 1 | -1/+18
Verbose page titles again Adds support for more verbose page titles based on current page and action by user and removes sort by options from search form as they're obsolete by column links. Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20 | Tweaks of various page layouts and handling of data | Callan Barrett | 1 | -28/+2
This is a patch that fixes a lot of little things:
* We no longer have pkgsearch or pkgdetails link functions and all references to them are gone, that's what a back button is for and if we really need it we can come up with something better
* No longer have do_Details variable, this means links on the package search are simply ?ID=foo
* On the pkgdetails pages when there are either no deps, deps by, sources or comments for a package the list for each will display "None" instead of nothing at all (ruining the layout)
* Fixed a bug where if a package had no sources or no deps pkgsubmit.php would submit an empty one
* Translation of the word "Search'" has been changed to "Search"
Most of these relate to each other.
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20 | Add notify column in search results and notify button | Callan Barrett | 1 | -31/+23
Adds a column to search results showing if a package has comment notification enabled and adds support for toggling notify for multiple packages from search Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20 | Adds support for TUs and devs to disown packages they do not own | Callan Barrett | 1 | -1/+4
This is to add support for either devs or TUs to disown packages whether they own them or not. I know of countless times where I or another TU have been asked to orphan packages for someone and end up having to adopt the package first and then disown it, this gets really tedious for more than one package. As far as I can tell there's no other way to disown packages you don't own and if there is at least this is a more obvious way, pretty sure I didn't leave anything out in the patch. Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-01-20 | Hand diff of simo's patch to remove flag safe functionality. | eliott | 1 | -49/+0
Simo's original commit text: The idea of safe flagging is unclear, poorly named, misunderstood, and not even used. At the time this patch was created, less than a third of the packages in unsupported were flagged safe, and less than a tenth of users knew how to interpret it. The safe flag has been replaced by a disclaimer on the main page.
2007-10-02 | Fixed version strings. | tardo | 1 | -1/+1
Added AUR_VERSION to config file, so now we should only need to change one location. KISS ftw. Signed-off-by: tardo <tardo@nagi-fanboi.net>