Age | Commit message (Collapse) | Author | Files | Lines |
|
uid_from_sid() is called once at the very beginning of the script,
storing the actual user identifier in "$uid". No need to fire up another
query.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
We removed the code depending on this a long time ago - drop it and add
some note to "UPGRADING".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Instead, we just store dependencies directly in the PackageDepends
table. Since we don't use this info anywhere besides the package details
page, there is little value in precalculating what is in the AUR vs.
what is not.
An upgrade path is provided via several SQL statements in the UPGRADING
document. There should be no user-visible change from this, but the DB
schema gets a bit more sane and we no longer have loads of junk packages
in our tables that are never shown to the end user. This should also
help the MySQL query planner in several cases as we no longer have to be
careful to exclude dummy packages on every query.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Set it equal to the SubmittedTS field, which will be our indication the
package is new when we show the logo on the front page of the AUR.
This results in the ability to remove the use of the unindexable
GREATEST() function from the AUR code everywhere we had to use it before
to handle the 0 timestamp case.
Note that there is no race condition here in calling UNIX_TIMESTAMP()
twice- it always returns the time at the beginning of statment
execution:
mysql> select unix_timestamp(), sleep(2), unix_timestamp();
+------------------+----------+------------------+
| unix_timestamp() | sleep(2) | unix_timestamp() |
+------------------+----------+------------------+
| 1300851746 | 0 | 1300851746 |
+------------------+----------+------------------+
1 row in set (2.00 sec)
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
We had a ton of duplicate code shared between the insert and update
cases. Do a refactor so we can pull this stuff out below the if/else
block and only need it there once, saving some headaches.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Reject tarballs containing more than one directory or files outside a
directory.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
end() expects a reference but we pass a function return value here.
Using list() is a bit hacky as well as it expects a 0-based array
whereas unpack() returns a 1-based array - thus we use "list(, $foo)".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This is quite hacky but this way we can ensure users get comprehensible
error messages when trying to upload ".tar.xz" or ".tar.bz2" files.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Can be used to blacklist package names for normal users. TUs and
developers are not affected. This is especially useful if used together
with a cron job that updates the blacklist periodically, e.g. to reject
packages which are available in the binary repos (FS#12902).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This field is not used anymore, so drop it from the table and remove all
references.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
We don't need this anymore since all packages managed here are
well...managed here. Rip out all of the places we were using this field,
many of which depended on the magic value '2' anyway.
On the display side of things, we had a column that was always showing
'unsupported' that is now gone, and you can no longer sort by this column.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Improves variable substitution in the PKGBUILD parser a bit to avoid
infinite replacement loops when a PKGBUILD contains assigments of the
form "foo=${foo[@]}bar".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Implemented recursive directory deletion in PHP properly without the use
of exec(). This improves security, performance and portability and makes
the code compatible with PHP's Safe Mode as well as with PHP setups that
disable exec() using the "disable_functions" directive.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Drop the "URLPath" field from the "Packages" table, build URLs from
package names instead.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Automatic tarball extraction was vulnerable in different ways. Users
should also only use source tarballs to build packages, so this has been
removed completely. From now on, only the PKGBUILD is extracted in a
secure manner.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
- resolve conflict and omit i18n changes.
|
|
Closes: http://bugs.archlinux.org/task/19914
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
This solves the problem of include files not being found after an error.
$_SERVER['DOCUMENT_ROOT'] is not reliable because the AUR might be
installed in a subdirectory.
This closes http://bugs.archlinux.org/task/16887
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Make HTML markup more logical.
Remove some unused style sheets rules.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
makepkg --source should be used to upload packages.
It provides a bit of error checking and it's good to support only a
single format here.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
All of these are sourcing function libraries so we don't need to include
them more than once. Things that insert actual HTML into the output were
left calling include().
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Version using package functions
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
comments need to be removed before concatenating lines, otherwise
not matched brackets can cause problems on submit
Signed-off-by: Gergely Imreh <imrehg@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Better detection of the build function.
Better detection of variables.
Support for variables with underscores.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
This only neutralises bash parameter substitution, but doesn't perform
the proper replacement.
Closes FS#13122.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Lines such as foo=$foo in the PKGBUILD would end up in a
infinite replacement cycle when uploaded, thus the upload
times out. In these kind of lines, $foo is replaced not by
"$foo" again, but deleted (missing value for foo).
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
All custom variables are handled during subsitution, as well as
bash "eval" statements.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
The web interface was handling comments in the PKGBUILD variable fields
(such as 'source','depends',etc...) differently from makepkg, because
makepkg ignores the rest of the current line if there is a # character,
while the web interface parsed that as well, and listed the words of the
comment as source files.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Also fix a translation string.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Just like the previous patch for account_from_sid() over-usage.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Clean up a couple of notices.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
I forgot about the forms.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
|
|
This includes only the requested language for each page and
makes top level language include files obsolete.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Fix for FS#11132 - AUR fails to parse multiline source array
Signed-off-by: Evangelos Foutras <foutrelis@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Try submitting an empty form to the aur
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Add a new function chown_group to recursively change permissions.
Tweak some of the coding style.
Replace some of the redundant string concatenation with a variable.
Thanks to Dan McGee for chmod_group.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|