summaryrefslogtreecommitdiffstats
path: root/web/html/pkgsubmit.php
AgeCommit message (Collapse)AuthorFilesLines
2011-04-27SQL: treat all UID/ID values as numbers, not stringsDan McGee1-1/+1
Ensure we are not quoting these values in any of our SQL queries. Thanks-to: elij <elij.mx@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-24pkgsubmit.php: Ensure the session is linked to a valid user.Lukas Fleischer1-3/+8
Prevent race conditions that may occur when either the session or the user is deleted before we extract the actual user identifier. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-24pkgsubmit.php: Remove redundant uid_from_sid() invocations.Lukas Fleischer1-3/+1
uid_from_sid() is called once at the very beginning of the script, storing the actual user identifier in "$uid". No need to fire up another query. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-05Remove File_Find PEAR module from code base.Lukas Fleischer1-1/+0
We removed the code depending on this a long time ago - drop it and add some note to "UPGRADING". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-03Remove Dummy Package conceptDan McGee1-13/+4
Instead, we just store dependencies directly in the PackageDepends table. Since we don't use this info anywhere besides the package details page, there is little value in precalculating what is in the AUR vs. what is not. An upgrade path is provided via several SQL statements in the UPGRADING document. There should be no user-visible change from this, but the DB schema gets a bit more sane and we no longer have loads of junk packages in our tables that are never shown to the end user. This should also help the MySQL query planner in several cases as we no longer have to be careful to exclude dummy packages on every query. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-03Always set ModifiedTS including new packagesDan McGee1-1/+1
Set it equal to the SubmittedTS field, which will be our indication the package is new when we show the logo on the front page of the AUR. This results in the ability to remove the use of the unindexable GREATEST() function from the AUR code everywhere we had to use it before to handle the 0 timestamp case. Note that there is no race condition here in calling UNIX_TIMESTAMP() twice- it always returns the time at the beginning of statment execution: mysql> select unix_timestamp(), sleep(2), unix_timestamp(); +------------------+----------+------------------+ | unix_timestamp() | sleep(2) | unix_timestamp() | +------------------+----------+------------------+ | 1300851746 | 0 | 1300851746 | +------------------+----------+------------------+ 1 row in set (2.00 sec) Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-03Submission process code refactorDan McGee1-61/+35
We had a ton of duplicate code shared between the insert and update cases. Do a refactor so we can pull this stuff out below the if/else block and only need it there once, saving some headaches. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30Be more restrictive with source tarball contents.Lukas Fleischer1-2/+13
Reject tarballs containing more than one directory or files outside a directory. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30Fix PHP notice when submitting an empty file.Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30Fix strict standards warnings in "web/html/pkgsubmit.php".Lukas Fleischer1-2/+2
end() expects a reference but we pass a function return value here. Using list() is a bit hacky as well as it expects a 0-based array whereas unpack() returns a 1-based array - thus we use "list(, $foo)". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30Check if submitted files are in GZIP format.Lukas Fleischer1-2/+16
This is quite hacky but this way we can ensure users get comprehensible error messages when trying to upload ".tar.xz" or ".tar.bz2" files. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27Define "Packages.SubmitterUID" and "Packages.MaintainerUID" as "NULL".Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-25Reject blacklisted packages on initial submission only.Lukas Fleischer1-9/+9
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-23Protect users against ZIP bombs (fixes FS#22991).Lukas Fleischer1-0/+12
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21Reject packages with subdirectories (fixes FS#22995).Lukas Fleischer1-0/+3
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21Automatically adopt when updating an orphan package (fixes FS#22992).Lukas Fleischer1-5/+7
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21Use move_uploaded_file() instead of rename() in "pkgsubmit.php".Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-11Add a package name blacklist.Lukas Fleischer1-0/+9
Can be used to blacklist package names for normal users. TUs and developers are not affected. This is especially useful if used together with a cron job that updates the blacklist periodically, e.g. to reject packages which are available in the binary repos (FS#12902). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-02Minor variable parser bug fix (cf. commits 492c8c66, 7a58e99e).Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-02Parse versioned deps correctly when using "<" or ">" (fixes FS#22679).Lukas Fleischer1-2/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-01Remove "FSPath" column from "Packages" table.Lukas Fleischer1-5/+3
This field is not used anymore, so drop it from the table and remove all references. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-01Improve PKGBUILD variable parser correctness (cf. commit 492c8c66).Lukas Fleischer1-4/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-01Drop PackageLocations table and referencesDan McGee1-3/+2
We don't need this anymore since all packages managed here are well...managed here. Rip out all of the places we were using this field, many of which depended on the magic value '2' anyway. On the display side of things, we had a column that was always showing 'unsupported' that is now gone, and you can no longer sort by this column. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-28Avoid infinite loop in PKGBUILD variable parser (fixes FS#19482).Lukas Fleischer1-9/+17
Improves variable substitution in the PKGBUILD parser a bit to avoid infinite replacement loops when a PKGBUILD contains assigments of the form "foo=${foo[@]}bar". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-25Replaced rm_rf() by rm_tree().Lukas Fleischer1-1/+1
Implemented recursive directory deletion in PHP properly without the use of exec(). This improves security, performance and portability and makes the code compatible with PHP's Safe Mode as well as with PHP setups that disable exec() using the "disable_functions" directive. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-24Build URLs from package names (fixes FS#15308, FS#19327).Lukas Fleischer1-5/+3
Drop the "URLPath" field from the "Packages" table, build URLs from package names instead. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-19Removed code for tarball extraction.Lukas Fleischer1-48/+12
Automatic tarball extraction was vulnerable in different ways. Users should also only use source tarballs to build packages, so this has been removed completely. From now on, only the PKGBUILD is extracted in a secure manner. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-11-10Add timestamp when a package is flagged out-of-date (FS#20848).Lukas Fleischer1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com> - resolve conflict and omit i18n changes.
2010-06-24pkgsubmit: Remove build function checkAndrea Scarpino1-15/+1
Closes: http://bugs.archlinux.org/task/19914 Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-06-05pkgsubmit: store the previous path with getcwd()mickael91-1/+3
This solves the problem of include files not being found after an error. $_SERVER['DOCUMENT_ROOT'] is not reliable because the AUR might be installed in a subdirectory. This closes http://bugs.archlinux.org/task/16887 Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-24pkgsubmit.php: Remove redundant error message.Loui Chang1-8/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-24Restyle the layout.Loui Chang1-0/+5
Make HTML markup more logical. Remove some unused style sheets rules. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-10pkgsubmit: Instruct users how to make source packages.Loui Chang1-6/+7
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-09-29Remove the plain PKGBUILD upload feature.Loui Chang1-4/+0
makepkg --source should be used to upload packages. It provides a bit of error checking and it's good to support only a single format here. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-08-11Use include_once where applicableDan McGee1-5/+5
All of these are sourcing function libraries so we don't need to include them more than once. Things that insert actual HTML into the output were left calling include(). Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-06-25Remove excess whitespace.1.5.6.3Loui Chang1-6/+6
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-06-18Turn on package notification by default for new packagesCallan Barrett1-0/+3
Version using package functions Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-06-18fix FS#13122 (again): removing comment removal as early as possibleGergely Imreh1-3/+3
comments need to be removed before concatenating lines, otherwise not matched brackets can cause problems on submit Signed-off-by: Gergely Imreh <imrehg@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-04-01Tweak the bash parsing for package submission.Loui Chang1-10/+17
Better detection of the build function. Better detection of variables. Support for variables with underscores. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-02-16Correct comment removal in pkgsubmit.php1.5.6.1Gergely Imreh1-4/+7
This only neutralises bash parameter substitution, but doesn't perform the proper replacement. Closes FS#13122. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-02-15Fix: FS#13189, infinite variable replacement cycleGergely Imreh1-1/+5
Lines such as foo=$foo in the PKGBUILD would end up in a infinite replacement cycle when uploaded, thus the upload times out. In these kind of lines, $foo is replaced not by "$foo" again, but deleted (missing value for foo). Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-28FS#2649, FS#12645: subsititution of all variables and "eval"Gergely Imreh1-11/+26
All custom variables are handled during subsitution, as well as bash "eval" statements. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-19Use new conglomerated translation files.Loui Chang1-1/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-15Fix: FS#12698 - AUR does not ignore comment lines in PKGBUILD source field.Gergely Imreh1-6/+13
The web interface was handling comments in the PKGBUILD variable fields (such as 'source','depends',etc...) differently from makepkg, because makepkg ignores the rest of the current line if there is a # character, while the web interface parsed that as well, and listed the words of the comment as source files. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-08Don't require source or md5sum arrays in PKGBUILDs.Loui Chang1-2/+3
Also fix a translation string. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-04Minimize calls to uid_from_sid()Dan McGee1-5/+7
Just like the previous patch for account_from_sid() over-usage. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-29Correct undefined constant error in pkgsubmit.Loui Chang1-4/+6
Clean up a couple of notices. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-22Really make all web paths relative.Loui Chang1-1/+1
I forgot about the forms. Signed-off-by: Loui Chang <louipc.ist@gmail.com> Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
2008-12-21Introduce function include_lang for translations.Loui Chang1-2/+2
This includes only the requested language for each page and makes top level language include files obsolete. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2008-12-20Fix PKGBUILD source array parsing.Evangelos Foutras1-1/+3
Fix for FS#11132 - AUR fails to parse multiline source array Signed-off-by: Evangelos Foutras <foutrelis@gmail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>