path: root/web/html/tu.php
Age         Commit message                                                              Author                    Files  Lines

2012-06-24  Implement token system to fix CSRF vulnerabilities                          canyonknight              1      -1/+1
    Specially crafted pages can force authenticated users to unknowingly perform actions on the AUR website despite being on an attacker's website. This cross-site request forgery (CSRF) vulnerability applies to all POST data on the AUR. Implement a token system using a double submit cookie. Have a hidden form value on every page containing POST forms. Use the newly added check_token() to verify the token sent via POST matches the "AURSID" cookie value. Random nature of the token limits potential for CSRF.
    Signed-off-by: canyonknight <canyonknight@gmail.com>
    Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

2011-06-22  rename *.inc files to *.inc.php and adjust imports and references           elij                      1      -1/+1
    Lukas: Add note to "UPGRADING".
    Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

2011-05-17  test return value from db_query before assuming it is valid                 elij                      1      -3/+14
    make the sql query form consistent in usage by cleaning up instances where db_query's result was not inspected before attempting to fetch row data from the handle
    Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

2011-04-27  create variable before referencing it with .=                               elij                      1      -0/+1
    fixes php notice level error: Undefined variable: whovoted in ../tu.php
    Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

2011-04-27  SQL: use standard LIMIT/OFFSET syntax                                       Dan McGee                 1      -1/+1
    Increases compatibility with standard SQL dialect.
    Thanks-to: elij <elij.mx@gmail.com>
    Signed-off-by: Dan McGee <dan@archlinux.org>
    Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

2011-03-11  Fix broken XHTML.                                                           Lukas Fleischer           1      -1/+1
    Fix a lot of invalid XHTML in the templates and actions. There might still be some legacy code left, but this should cover most of it.
    Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

2010-12-05  Do not display current votes in All Votes, and rename it as Past Votes     Andrea Scarpino           1      -2/+2
    Signed-off-by: Loui Chang <louipc.ist@gmail.com>

2009-12-26  tu.php: Sort votes by descending date.                                      Loui Chang                1      -4/+4
    Also make syntax more straightforward. 'asc' is ascending, rather than 'up'.
    Signed-off-by: Loui Chang <louipc.ist@gmail.com>

2009-11-23  tu: Bring Trusted User interface in line with the rest of the site.         Loui Chang                1      -12/+4
    Signed-off-by: Loui Chang <louipc.ist@gmail.com>

2009-11-23  tu.php: Remove trailing whitespace.                                         Loui Chang                1      -4/+4
    Signed-off-by: Loui Chang <louipc.ist@gmail.com>

2009-10-26  Untranslate TU vote fields so they're properly saved in the database.       Loui Chang                1      -3/+3
    Signed-off-by: Loui Chang <louipc.ist@gmail.com>

2009-08-11  Use include_once where applicable                                           Dan McGee                 1      -1/+1
    All of these are sourcing function libraries so we don't need to include them more than once. Things that insert actual HTML into the output were left calling include().
    Signed-off-by: Dan McGee <dan@archlinux.org>
    Signed-off-by: Loui Chang <louipc.ist@gmail.com>

2009-02-13  Change layout of tu_details.                                                Loui Chang                1      -1/+1
    Signed-off-by: Loui Chang <louipc.ist@gmail.com>

2009-02-13  List TUs that voted on a proposal.                                          Angel 'angvp' Velasquez   1      -0/+13
    This patch lists who voted on a proposal after the proposal is closed.
    Signed-off-by: Loui Chang <louipc.ist@gmail.com>

2009-01-19  Use new conglomerated translation files.                                    Loui Chang                1      -1/+0
    Signed-off-by: Loui Chang <louipc.ist@gmail.com>

2008-12-21  Introduce function include_lang for translations.                           Loui Chang                1      -2/+2
    This includes only the requested language for each page and makes top level language include files obsolete.
    Signed-off-by: Loui Chang <louipc.ist@gmail.com>

2008-11-10  Tweak TU interface for appearance.                                          Loui Chang                1      -8/+13
    Show ten votes per page instead of five. Change the vote preview to 75 characters so entries fit better in the table. Remove [More] links and make the description itself a link. Clean up a couple notices. Send unauthorised users to index.php.
    Signed-off-by: Loui Chang <louipc.ist@gmail.com>

2008-10-07  Setup translation files for tu.php                                          Callan Barrett            1      -1/+1
    Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>

2008-10-06  Major rearrangement of tu.php, strings setup for translation                Callan Barrett            1      -368/+70
    All the strings are set up to be translated now, HTML of tu.php has been moved to templates and the worst of it rewritten (there's no longer a massive function in it)
    Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
    Signed-off-by: Loui Chang <louipc.ist@gmail.com>

2008-06-17  Remove all vim mode lines. Add HACKING file.                                Loui Chang                1      -1/+0
    Signed-off-by: Loui Chang <louipc.ist@gmail.com>

2008-01-20  Add support for variable length votes in voting application                 Callan Barrett            1      -55/+76
    Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>

2008-01-20  AUR Voting Application                                                      Callan Barrett            1      -0/+431
    Added support for TU voting through AUR
    Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>