summaryrefslogtreecommitdiffstats
path: root/web/html
AgeCommit message (Collapse)AuthorFilesLines
2011-03-01Fix potential injection vulnerabilityDan McGee1-2/+7
We trusted the values we pulled out of the IDs array and never coerced them to integers, passing them to the backend unescaped and uncasted. Ensure they are treated as integers only and validate the resulting value is > 0. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27Define "Packages.SubmitterUID" and "Packages.MaintainerUID" as "NULL".Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-25Reject blacklisted packages on initial submission only.Lukas Fleischer1-9/+9
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-23Protect users against ZIP bombs (fixes FS#22991).Lukas Fleischer1-0/+12
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21Reject packages with subdirectories (fixes FS#22995).Lukas Fleischer1-0/+3
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21Automatically adopt when updating an orphan package (fixes FS#22992).Lukas Fleischer1-5/+7
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-21Use move_uploaded_file() instead of rename() in "pkgsubmit.php".Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-18Support for langauges written right-to-leftPyroPeter2-15/+45
Signed-off-by: PyroPeter <abi1789@googlemail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-18pkg_search_results: replace blind-table with floating divsPyroPeter2-1/+16
* I tried to remove errors in the sgml-structure e.g.: <div> <?php if (foo) { ?> </div> <?php } ?> * I did not remove or add code (except the <table> and <div> stuff, of cause). I only changed the order of the html/php-tags. * The bottom and top of the script are now properly indented. I did not indent the middle part (table of search results) because that would render the diff completely useless. Signed-off-by: PyroPeter <abi1789@googlemail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-17pkg_search_results: rewrite of paginationPyroPeter1-6/+6
* Most of the PHP-code was moved to pkgfuncs.php to keep the template simple. Signed-off-by: PyroPeter <abi1789@googlemail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-11Add a package name blacklist.Lukas Fleischer1-0/+9
Can be used to blacklist package names for normal users. TUs and developers are not affected. This is especially useful if used together with a cron job that updates the blacklist periodically, e.g. to reject packages which are available in the binary repos (FS#12902). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-02Minor variable parser bug fix (cf. commits 492c8c66, 7a58e99e).Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-02Parse versioned deps correctly when using "<" or ">" (fixes FS#22679).Lukas Fleischer1-2/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-01Remove "FSPath" column from "Packages" table.Lukas Fleischer1-5/+3
This field is not used anymore, so drop it from the table and remove all references. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-01Improve PKGBUILD variable parser correctness (cf. commit 492c8c66).Lukas Fleischer1-4/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-01Drop PackageLocations table and referencesDan McGee1-3/+2
We don't need this anymore since all packages managed here are well...managed here. Rip out all of the places we were using this field, many of which depended on the magic value '2' anyway. On the display side of things, we had a column that was always showing 'unsupported' that is now gone, and you can no longer sort by this column. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-28Avoid infinite loop in PKGBUILD variable parser (fixes FS#19482).Lukas Fleischer1-9/+17
Improves variable substitution in the PKGBUILD parser a bit to avoid infinite replacement loops when a PKGBUILD contains assigments of the form "foo=${foo[@]}bar". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-28Use UTF-8 in RSS feeds (fixes FS#10706).Lukas Fleischer1-3/+7
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-25Replaced rm_rf() by rm_tree().Lukas Fleischer1-1/+1
Implemented recursive directory deletion in PHP properly without the use of exec(). This improves security, performance and portability and makes the code compatible with PHP's Safe Mode as well as with PHP setups that disable exec() using the "disable_functions" directive. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-25Removed links to internal sources from package details.Lukas Fleischer1-0/+6
Tarball extraction code has been removed in commit ec0dfc27deb246ee7d7f19fd5290e499805869d2, so links to package sources contained in the source tarball itself will no longer be accessible through the AUR frontend. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-24Build URLs from package names (fixes FS#15308, FS#19327).Lukas Fleischer1-5/+3
Drop the "URLPath" field from the "Packages" table, build URLs from package names instead. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-20Black fonts for out-of-date rows in search results (fixes FS#20514).Lukas Fleischer1-0/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-19Removed code for tarball extraction.Lukas Fleischer1-48/+12
Automatic tarball extraction was vulnerable in different ways. Users should also only use source tarballs to build packages, so this has been removed completely. From now on, only the PKGBUILD is extracted in a secure manner. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-12-05Do not display current votes in All Votes, and rename it as Past VotesAndrea Scarpino1-2/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-11-21Auto redirect from confirmation screens.Dan Vratil3-109/+8
Finally move comment deletion and category editing into functions and remove pkgedit.php Signed-off-by: Loui Chang <louipc.ist@gmail.com> -Fix indentation -Fix variable naming conflict $id vs $cid
2010-11-21Bold links in the archnavbar header.Lukas Fleischer1-0/+4
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-11-10Add timestamp when a package is flagged out-of-date (FS#20848).Lukas Fleischer1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com> - resolve conflict and omit i18n changes.
2010-11-03Set background-color to white.Loui Chang1-0/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-10-08Modify some strings for translation.Loui Chang1-4/+3
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-08-12Fix the search-button to allow captions wider than 80px (e.g. in german ↵PyroPeter1-1/+1
translation) Change width to min-width. - Loui Signed-off-by: PyroPeter <abi1789@googlemail.com> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-07-23Header and navbar consistent with Arch site redesignDenis Kobozev3-0/+41
-- Loui Chang Change is_tu to check_user_privileges Change div#archdev-navbar style Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-07-02Confirmation when deleting packagesLukas Fleischer1-2/+7
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-06-24pkgsubmit: Remove build function checkAndrea Scarpino1-15/+1
Closes: http://bugs.archlinux.org/task/19914 Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-06-05pkgsubmit: store the previous path with getcwd()mickael91-1/+3
This solves the problem of include files not being found after an error. $_SERVER['DOCUMENT_ROOT'] is not reliable because the AUR might be installed in a subdirectory. This closes http://bugs.archlinux.org/task/16887 Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-04-17Support for storing salted passwordsDenis1-1/+4
To upgrade existing databases: ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT ''; Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-03-13packages.php: Fix explicit sorting when search keywords aren't specified.Loui Chang1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-03-12titlelogo.png: Update againLoui Chang1-0/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-03-12packages.php: Only sort by vote if search keyword isn't set.Loui Chang1-1/+1
People entering explicit search terms would expect alphabetical order. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2010-02-26Update Arch Linux titlelogo.Loui Chang1-0/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-12-26tu.php: Sort votes by descending date.Loui Chang1-4/+4
Also make syntax more straightforward. 'asc' is ascending, rather than 'up'. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-12-16packages.php: Check if _GET value is set before assuming a default.Loui Chang1-2/+4
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-12-15packages.php: Make default view sort packages by descending votes.Loui Chang1-0/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-24Change legend style and default font size.Loui Chang2-1/+7
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-24Reposition language menu in the header.Loui Chang1-2/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-24pkgsubmit.php: Remove redundant error message.Loui Chang1-8/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-24Remove obsolete images.Loui Chang4-0/+0
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-24Bring TU addvote into the current layout.Loui Chang3-19/+25
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-24Restyle the layout.Loui Chang4-122/+73
Make HTML markup more logical. Remove some unused style sheets rules. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-23tu: Bring Trusted User interface in line with the rest of the site.Loui Chang1-12/+4
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-11-23tu.php: Remove trailing whitespace.Loui Chang1-4/+4
Signed-off-by: Loui Chang <louipc.ist@gmail.com>