summaryrefslogtreecommitdiffstats
path: root/web/html/packages.php
AgeCommit message (Collapse)AuthorFilesLines
2014-07-15Rework permission handlingLukas Fleischer1-7/+0
Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-06-05Collapse long source listsLukas Fleischer1-0/+1
In commit e582cfe (Collapse long dependency lists, 2014-04-18), we added code to automatically collapse dependency and requirement lists with more than 20 entries. Add the same functionality to source lists. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-04-18Collapse long dependency listsLukas Fleischer1-0/+30
Collapse package dependency lists with more than 20 entries and add a link to show the full list. The JavaScript code for this originates from the archweb project. Note that the full list is shown when JavaScript is disabled or unavailable. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-04-05Prefix package functions with pkg_/pkgbase_Lukas Fleischer1-5/+5
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-04-05Move package actions to package basesLukas Fleischer1-75/+0
Package actions now operate on package bases instead of packages. Move all actions to the correct locations. This also fixes some issues with comment notifications. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-04-05Make the delete function remove package basesLukas Fleischer1-4/+4
Deleting a single package without deleting the whole package base makes no sense. Comments and votes are already stored on a per-package basis, making this a straightforward extension. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-02-06Style fixes: Capitalization of "true" and "false"Lukas Fleischer1-3/+3
Use "true" instead of "TRUE" and "false" instead of "FALSE" or "False". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27Move package comment check to packages.phpLukas Fleischer1-0/+6
Checking whether to add a comment is something that really does not belong to a function named display_package_details(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27Use POST-Redirect-GET for most package actionsLukas Fleischer1-0/+6
Avoid showing a POST data resubmission dialog and simply redirect to the package page if a package action completed successfully. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-08-27Add boolean return values to several pkg_*() functionsLukas Fleischer1-12/+13
Change the return values of following functions to return both error/success and an error/success message: * pkg_flag() * pkg_unflag() * pkg_adopt() * pkg_vote() * pkg_delete() * pkg_notify() * pkg_delete_comment() * pkg_change_category() Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-04-20Retrieve package details after package actions are processedcanyonknight1-4/+7
Fixes FS#34508 Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-03-21Return 404 error page if invalid package ID is usedLukas Fleischer1-0/+6
We already display the 404 error page if someone tries to access an invalid package via virtual URLs ("/packages/nonexistent"). Add the same check to "web/html/packages.php" to make sure the same error is shown if a user requests package details of a nonexistent package ID via legacy URLs ("/packages.php?ID=-1"). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2013-01-19Add description meta-element to package pagesMarcel Korpel1-4/+7
Implements FS#33294 Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-12-07Split package flagging and unflagging into separate functionscanyonknight@gmail.com1-2/+2
Currently, package flagging and unflagging takes place within the pkg_flag() function. A bool is set to true or false depending on the action. Create new pkg_unflag() function with sole purpose of unflagging and keep pkg_flag() in place. This split will be useful in the overhaul of the notification system. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-24Use echo shortcut syntaxLukas Fleischer1-1/+1
Replace all occurrences of "<?php echo" and "<?php print" by "<?=" to reduce noise in templates. Note that as of PHP 5.4.0, "<?=" is always available and no longer requires "short_open_tag" to be set. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Fix category selectionLukas Fleischer1-1/+1
Add a package ID parameter to pkg_change_category() instead of relying on the "ID" or "N" GET parameters. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Do not set GET parameters in the routing frameworkLukas Fleischer1-11/+14
Setting GET parameters manually is bad style and causes some strange side effects when using virtual URLs and mkurl(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-14Merge branch 'maint'Lukas Fleischer1-34/+36
Conflicts: web/html/account.php web/html/addvote.php web/html/pkgsubmit.php web/lib/acctfuncs.inc.php web/template/actions_form.php web/template/pkg_comment_form.php web/template/pkg_comments.php web/template/pkg_details.php web/template/pkg_search_results.php web/template/tu_details.php
2012-06-24Implement token system to fix CSRF vulnerabilitiescanyonknight1-34/+36
Specially crafted pages can force authenticated users to unknowingly perform actions on the AUR website despite being on an attacker's website. This cross-site request forgery (CSRF) vulnerability applies to all POST data on the AUR. Implement a token system using a double submit cookie. Have a hidden form value on every page containing POST forms. Use the newly added check_token() to verify the token sent via POST matches the "AURSID" cookie value. Random nature of the token limits potential for CSRF. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-05-06web/html/packages.php: Remove duplicate codeLukas Fleischer1-14/+10
Retrieve the package ID early and merge the if-branches calling package_details(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-24Support canonical links to packagesLukas Fleischer1-0/+14
This is more user-friendly than supporting package IDs only and can be used as a basis to support direct links to AUR packages in places where links are computer-produced (e.g. Wiki templates). Addresses FS#21600 and FS#28839. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-08-11Use 'true' instead of 'True' everywhereDan McGee1-3/+3
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-08-11Allow for merging deleted packages into existing onesLukas Fleischer1-2/+14
Merge all comments and votes of deleted packages into another package if the "Merge with" field is used. Duplicate votes (votes from a user who already voted on the target package or voted on more than one of the deleted packages) are discarded. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-06-22rename *.inc files to *.inc.php and adjust imports and referenceselij1-4/+4
Lukas: Add note to "UPGRADING". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-04Fix PHP warning when browsing a non-existent package.Lukas Fleischer1-4/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30Fix PHP undefined notice in "web/html/packages.php".Lukas Fleischer1-1/+6
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-10More PHP Notice undefined fixupsDan McGee1-1/+5
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-04Add action lookup helper functionDan McGee1-11/+11
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-01Fix potential injection vulnerabilityDan McGee1-2/+7
We trusted the values we pulled out of the IDs array and never coerced them to integers, passing them to the backend unescaped and uncasted. Ensure they are treated as integers only and validate the resulting value is > 0. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-11-21Auto redirect from confirmation screens.Dan Vratil1-0/+4
Finally move comment deletion and category editing into functions and remove pkgedit.php Signed-off-by: Loui Chang <louipc.ist@gmail.com> -Fix indentation -Fix variable naming conflict $id vs $cid
2010-07-02Confirmation when deleting packagesLukas Fleischer1-2/+7
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-03-13packages.php: Fix explicit sorting when search keywords aren't specified.Loui Chang1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-03-12packages.php: Only sort by vote if search keyword isn't set.Loui Chang1-1/+1
People entering explicit search terms would expect alphabetical order. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-12-16packages.php: Check if _GET value is set before assuming a default.Loui Chang1-2/+4
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-12-15packages.php: Make default view sort packages by descending votes.Loui Chang1-0/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-24Restyle the layout.Loui Chang1-5/+5
Make HTML markup more logical. Remove some unused style sheets rules. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-08-11Use include_once where applicableDan McGee1-4/+4
All of these are sourcing function libraries so we don't need to include them more than once. Things that insert actual HTML into the output were left calling include(). Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-02-21Fix the comment poop bug.Loui Chang1-3/+3
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-19Use new conglomerated translation files.Loui Chang1-1/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-29Add search bar to index and pkg details pagesCallan Barrett1-0/+1
Also changed it around a little bit so it's not tied down the search results function Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-21Introduce function include_lang for translations.Loui Chang1-3/+3
This includes only the requested language for each page and makes top level language include files obsolete. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-21Remove success messages after package functionsCallan Barrett1-32/+21
Just displays message at the top of the page of what happened (errors or not) and goes back to the same page Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-20Change behaviour of package functions to accept normal arraysCallan Barrett1-4/+6
Package functions use a normal array of pkgids now and packages.php has been changed to accomodate for it Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-11-23Clean up packages.php and document new package functionsCallan Barrett1-29/+19
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-11-13Move package notification into a function.Loui Chang1-45/+8
Also modify the way notification is done. Instead of toggling notification, users can explicitly notify or unnotify. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-10-30Convert package voting to a functionCallan Barrett1-106/+6
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-10-28Convert package adoption/disowning to a functionCallan Barrett1-94/+6
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-10-17Convert package deletion to a functionCallan Barrett1-86/+4
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-10-15Convert package flagging to a functionCallan Barrett1-95/+6
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-06-17Remove all vim mode lines. Add HACKING file.Loui Chang1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>