summaryrefslogtreecommitdiffstats
path: root/web/html
AgeCommit message (Collapse)AuthorFilesLines
2017-11-28Sync CSS with archwebLukas Fleischer3-7/+48
This partially fixes FS#56472. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-11-05login.php: Escape quotes in the referer fieldLukas Fleischer1-1/+1
Replace special characters in the referer GET parameter using htmlspecialchars() before inserting it into the login form fields to prevent from XSS attacks. Fixes FS#55286. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-30Add support for Terms of Service documentsLukas Fleischer1-0/+50
This allows for adding Terms of Service documents to the database that registered users need to accept before using the AUR. A revision field can be used to indicate whether a document was updated. If it is increased, all users are again asked to accept the new terms. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-27Call check_sid() from a central locationLukas Fleischer18-47/+0
Instead of calling check_sid() from every single PHP script representing a web page, add the call to aur.inc.php which is sourced by all of them. Also, remove set_lang() calls from the scripts since these are also already included in aur.inc.php. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-24Fix the comment collapse featureLukas Fleischer1-11/+12
In commit 4abde89 (Use JavaScript to collapse long comments, 2017-04-19), support for collapsing/expanding long comments was added. This was broken by the recent Markdown support since comments no longer live inside a single HTML paragraph. Fix this by wrapping each comment in another div container. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-20Use JavaScript to collapse long commentsLukas Fleischer2-5/+35
Instead of using CSS to limit the height of package comments as implemented in 7b13203 (Limit comment height to 15 lines, 2016-03-12), use JavaScript to collapse long comments and add a link to expand them. Clicking the same link twice results in the corresponding comment being collapsed again. If JavaScript is disabled, the full comments are shown (without any possibility to collapse or expand). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-03-04index.php: Remove routes for dropped imagesLukas Fleischer1-3/+0
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-28pkgbase.php: Fix PHP noticeLukas Fleischer1-3/+2
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-28pkgbase.php: Squelch PHP warningLukas Fleischer1-13/+19
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-28account.php: Always initialize $successLukas Fleischer1-0/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27pkgflag.php: Remove stray variableLukas Fleischer1-1/+1
Drop the fragment part of the redirection code which is an artifact of the original code copy-pasted in commit ca954fe (Do not redirect when showing errors during flagging, 2015-10-21). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27404.php: Squelch warning on empty PATH_INFOLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-24Use bcrypt to hash passwordsLukas Fleischer1-4/+1
Replace the default hash function used for storing passwords by password_hash() which internally uses bcrypt. Legacy MD5 hashes are still supported and are immediately converted to the new format when a user logs in. Since big parts of the authentication system needed to be rewritten in this context, this patch also includes some simplification and refactoring of all code related to password checking and resetting. Fixes FS#52297. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15Fix several PHP short open tagsLukas Fleischer4-4/+4
Use "<?=" instead of "<?" for printing. Fixes a regression introduced in a9048bb (Dedupe translatable strings, 2015-11-25). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15pkgbase.php: Add default titleLukas Fleischer1-1/+1
Instead of triggering a PHP warning and using an empty title if no package base is specified, use a default title. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15Hide old requests from the dashboardLukas Fleischer1-1/+3
Only show package requests created less than 6 months ago on the dashboard. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-12Move package search links on the dashboardLukas Fleischer1-2/+4
Move the package search links below the section headings. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08Move my packages to separate dashboard sectionsLukas Fleischer1-6/+10
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08Add requests to dashboardLukas Fleischer1-0/+6
Add a new table which shows all package requests affecting the currently logged in user. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08pkgreq_results.php: Add a flag to hide headersLukas Fleischer1-0/+1
Introduce a new boolean flag that can be used to disable extended headers, pagination and forms. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08pkgreq_results.php: Split out package results boxLukas Fleischer1-0/+2
Do not include the wrapper div container in the template. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08Add flagged packages to the dashboardLukas Fleischer1-0/+12
Implement a table that shows all packages which are flagged out-of-date and either maintained or co-maintained by the currently logged in user. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08Add links to all owned packages to the dashboardLukas Fleischer1-2/+2
In addition to showing the 50 most recent maintained and co-maintained packages, add links to all packages one owns or co-maintains. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-04Add dashboardLukas Fleischer1-2/+34
For logged in users, the home page is replaced with an overview of the packages the user maintains or co-maintains. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-04pkg_search_results.php: Split out package results boxLukas Fleischer1-0/+2
Do not print the wrapper div container when calling pkg_search_page(). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-04Refactor pkg_search_page()Lukas Fleischer1-2/+2
* Pass search parameters using an associative array instead of $_GET. * Add a boolean parameter to enable and disable headers/footers. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-03Split out the search form from pkg_search_page()Lukas Fleischer1-1/+2
This makes it easier to display search results without showing the search form. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20account.php: Reformat process_account_form() callMark Weiman1-6/+18
Modify the call to process_account_form() to only having one parameter per line. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20Add user set timezonesMark Weiman3-1/+6
Currently, aurweb displays all dates and times in UTC time. This patch adds a capability for each logged in user to set their preferred timezone. Implements FS#48729. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-08Add clone hints to 404 error pagesLukas Fleischer1-0/+33
When clicking on the linked Git clone URL of a package base, users are faced with a 404 error page since the URL is not supposed to be opened in a web browser. Add some notes to 404 error pages corresponding to Git clone URLs that explain how to use them instead. Fixes FS#51266. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-06-25Add missing database and account fieldsJohannes Löthberg2-11/+43
Commits 6ec4a35 (Send notifications when changing ownership, 2016-02-21) and e3670ef (Add a homepage field to accounts, 2016-06-02) forgot to change some usages of display_account_form() and process_account_form() to account for the new parameter. The former also forgot to add the new column to the database schema. Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-06-08Add a homepage field to accountsLukas Fleischer1-15/+38
Allow users to add a link to their homepage to their profile. Implements FS#22774. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-03-13Remove code referencing non-existent and unused fileIan D. Scott1-4/+0
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-03-13Limit comment height to 15 linesEric Engestrom1-0/+5
Signed-off-by: Eric Engestrom <eric@engestrom.ch> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-07Add support for package update notificationsLukas Fleischer2-7/+7
Introduce a new notification option to receive notifications when a new commit is pushed to a package repository. Implements FS#30109. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-07Add global comment notification settingLukas Fleischer2-8/+14
Add a configuration option to the account edit page that allows for globally enabling/disabling package base comment notifications. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-01-31Remove 'new' tag from updates tableMarcel Korpel2-11/+0
It was hard to make it consistent with the other new icons from Open Iconic and it hadn't much use after all. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-01-31Make RSS icon dark gray and only blue on hoverMarcel Korpel1-2/+2
The other new icons (in package comments) behave the same way. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-01-30Shorten maxlength of email input fields to 254 charactersMarcel Korpel1-1/+1
After 24734d0 (Shorten Email column to 254 characters, 2015-11-12) the maximum length of the input fields should be shortened, too. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-01-23Add comment undeletion functionalityMarcel Korpel5-3/+44
Only Developers and Trusted Users can undelete comments. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-15Add link to flag OOD commentMark Weiman3-0/+26
Implements: FS#46546 Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13Replace new package iconLukas Fleischer3-1/+4
Use a flat icon from the Open Iconic collection to mark new packages. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13Replace RSS feed iconLukas Fleischer3-1/+4
Use a flat icon from the Open Iconic collection for the RSS feed. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13Remove old logosLukas Fleischer4-3/+1
Remove some very old and outdated logos. Update the RSS feed to use the new logo. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13Add the Open Iconic licenseLukas Fleischer1-0/+26
The new SVG icons used in aurweb are taken from the Open Iconic project. Add their license to our source tree. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-12Implement capability to pin comments above othersMark Weiman7-3/+18
Adds capability to pin comments before others. Implements FS#10863. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-11-26Dedupe translatable stringsLukas Fleischer4-4/+4
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-11-25Change "File Request" to "Submit Request"Eli Schwartz1-1/+1
Apparently the reference to "files" can be confusing. Fixes FS#47167. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-25Support long email addressesLukas Fleischer1-1/+1
According to RFC 3696 (and the associated errata), an email address can be up to 256 characters long. Change the database field and the length limit on all input fields accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-24Highlight broken dependenciesLukas Fleischer1-0/+5
If a dependency neither exists in the official repositories nor in the AUR, make it appear bold red. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>