Age | Commit message (Collapse) | Author | Files | Lines |
|
This partially fixes FS#56472.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Replace special characters in the referer GET parameter using
htmlspecialchars() before inserting it into the login form fields to
prevent from XSS attacks.
Fixes FS#55286.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
This allows for adding Terms of Service documents to the database that
registered users need to accept before using the AUR. A revision field
can be used to indicate whether a document was updated. If it is
increased, all users are again asked to accept the new terms.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Instead of calling check_sid() from every single PHP script representing
a web page, add the call to aur.inc.php which is sourced by all of them.
Also, remove set_lang() calls from the scripts since these are also
already included in aur.inc.php.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
In commit 4abde89 (Use JavaScript to collapse long comments,
2017-04-19), support for collapsing/expanding long comments was added.
This was broken by the recent Markdown support since comments no longer
live inside a single HTML paragraph. Fix this by wrapping each comment
in another div container.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Instead of using CSS to limit the height of package comments as
implemented in 7b13203 (Limit comment height to 15 lines, 2016-03-12),
use JavaScript to collapse long comments and add a link to expand them.
Clicking the same link twice results in the corresponding comment being
collapsed again.
If JavaScript is disabled, the full comments are shown (without any
possibility to collapse or expand).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Drop the fragment part of the redirection code which is an artifact of
the original code copy-pasted in commit ca954fe (Do not redirect when
showing errors during flagging, 2015-10-21).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Replace the default hash function used for storing passwords by
password_hash() which internally uses bcrypt. Legacy MD5 hashes are
still supported and are immediately converted to the new format when a
user logs in.
Since big parts of the authentication system needed to be rewritten in
this context, this patch also includes some simplification and
refactoring of all code related to password checking and resetting.
Fixes FS#52297.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Use "<?=" instead of "<?" for printing.
Fixes a regression introduced in a9048bb (Dedupe translatable strings,
2015-11-25).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Instead of triggering a PHP warning and using an empty title if no
package base is specified, use a default title.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Only show package requests created less than 6 months ago on the
dashboard.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Move the package search links below the section headings.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a new table which shows all package requests affecting the currently
logged in user.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Introduce a new boolean flag that can be used to disable extended
headers, pagination and forms.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Do not include the wrapper div container in the template.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Implement a table that shows all packages which are flagged out-of-date
and either maintained or co-maintained by the currently logged in user.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
In addition to showing the 50 most recent maintained and co-maintained
packages, add links to all packages one owns or co-maintains.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
For logged in users, the home page is replaced with an overview of the
packages the user maintains or co-maintains.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Do not print the wrapper div container when calling pkg_search_page().
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
* Pass search parameters using an associative array instead of $_GET.
* Add a boolean parameter to enable and disable headers/footers.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
This makes it easier to display search results without showing the
search form.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Modify the call to process_account_form() to only having one parameter per
line.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently, aurweb displays all dates and times in UTC time. This patch
adds a capability for each logged in user to set their preferred
timezone.
Implements FS#48729.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
When clicking on the linked Git clone URL of a package base, users are
faced with a 404 error page since the URL is not supposed to be opened
in a web browser. Add some notes to 404 error pages corresponding to Git
clone URLs that explain how to use them instead.
Fixes FS#51266.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Commits 6ec4a35 (Send notifications when changing ownership, 2016-02-21)
and e3670ef (Add a homepage field to accounts, 2016-06-02) forgot to
change some usages of display_account_form() and process_account_form()
to account for the new parameter. The former also forgot to add the new
column to the database schema.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Allow users to add a link to their homepage to their profile.
Implements FS#22774.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Eric Engestrom <eric@engestrom.ch>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Introduce a new notification option to receive notifications when a new
commit is pushed to a package repository.
Implements FS#30109.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a configuration option to the account edit page that allows for
globally enabling/disabling package base comment notifications.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
It was hard to make it consistent with the other new icons from Open
Iconic and it hadn't much use after all.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
The other new icons (in package comments) behave the same way.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
After 24734d0 (Shorten Email column to 254 characters, 2015-11-12) the
maximum length of the input fields should be shortened, too.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Only Developers and Trusted Users can undelete comments.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Implements: FS#46546
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Use a flat icon from the Open Iconic collection to mark new packages.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Use a flat icon from the Open Iconic collection for the RSS feed.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Remove some very old and outdated logos. Update the RSS feed to use the
new logo.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
The new SVG icons used in aurweb are taken from the Open Iconic project.
Add their license to our source tree.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Adds capability to pin comments before others.
Implements FS#10863.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Apparently the reference to "files" can be confusing.
Fixes FS#47167.
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
According to RFC 3696 (and the associated errata), an email address can
be up to 256 characters long. Change the database field and the length
limit on all input fields accordingly.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
If a dependency neither exists in the official repositories nor in the
AUR, make it appear bold red.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|