| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
When removing an account, remove the user from all last packager fields
before deletion to make sure that no package bases are deleted, even if
propagation constraints are missing.
Fixes FS#53956.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
This allows for adding Terms of Service documents to the database that
registered users need to accept before using the AUR. A revision field
can be used to indicate whether a document was updated. If it is
increased, all users are again asked to accept the new terms.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Instead of calling check_sid() from every single PHP script representing
a web page, add the call to aur.inc.php which is sourced by all of them.
Also, remove set_lang() calls from the scripts since these are also
already included in aur.inc.php.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Instead of converting package comments from plain text to HTML code when
they are displayed, do the conversion when the comment is posted and
store the rendered result in the database. The conversion itself is done
by a Python script which uses Bleach for sanitizing the text.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Split optional dependency descriptions from dependency names before
storing them in the database and use a separate column to store the
descriptions.
This allows us to simplify and optimize the SQL queries in
pkg_dependencies() as well as pkg_required().
Suggested-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Make sure that the get_extended_fields() invocation succeeded before
merging regular and extended fields in process_query().
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Instead of unconditionally calling fetch on the return value of query(),
error out early if the value evaluates to false.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Instead of unconditionally calling fetch on the return value of query(),
error out early if the value evaluates to false. Also, make sure that
the results array is always initialized, even if the result set is
empty.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Instead of unconditionally calling fetch on the return value of query(),
error out early if the value evaluates to false.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Do not trigger a PHP warning if there are no votes to be added or
removed.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
The variable $action is always undefined in pkgbase_delete() which makes
the if-statement always true and triggers a warning whenever a package
base is removed.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
In commit e171f6f (Migrate all DB code to use PDO, 2012-08-08),
PDOStatement::fetchAll() was introduced as a drop-in replacement for
mysql_fetch_array(). However, PDOStatement::fetchAll() returns a list of
all results while mysql_fetch_array() returns a single result only.
Instead of adding the missing indirection, simplify the code by using
PDO::fetchColumn().
Also add some safeguards to prevent warnings if the result set returned
by the query is empty.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
The SQL query retrieving the time zone from the database may return an
empty result set if the session timeout was reached. Handle such cases
gracefully by leaving the timezone variable unset.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
The $salt variable is no longer needed as of 29a4870 (Use bcrypt to hash
passwords, 2017-02-24).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Fixes a regression introduced in 608c483 (Add user set timezones,
2017-01-20).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Replace the default hash function used for storing passwords by
password_hash() which internally uses bcrypt. Legacy MD5 hashes are
still supported and are immediately converted to the new format when a
user logs in.
Since big parts of the authentication system needed to be rewritten in
this context, this patch also includes some simplification and
refactoring of all code related to password checking and resetting.
Fixes FS#52297.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Do not overwrite the $uid variable when updating co-maintainers.
Fixes FS#52225.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Allow for hiding requests which were opened before a given time stamp.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
All error messages in aurjson except two end with a period. Add the
missing periods to make the messages consistent.
Signed-off-by: Michael Straube <straubem@gmx.de>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently, each source file which is an external link (http://,
https://, ...) is a clickable link.
This commit extends the behaviour by making files from the repository
clickable as well. The link brings the user to the corresponding cgit
page.
Also, the link to the PKGBUILD is altered to make the configuration more
consistent.
Signed-off-by: Janne Heß <jannehess@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
When a user is specified, the function only returns package requests
which are either opened by the given user or affecting packages
maintained by the given user.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
As a follow-up to commit 6cb8c04 (Implement co-maintainer search,
2017-01-26), add an option to search for both maintainers and
co-maintainers at the same time.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a AUR_CONFIG environment variable that can be used to specify an
alternative configuration file, similar to the feature introduced in
ecbf32f (git-interface: Add AUR_CONFIG environment variable,
2016-08-03).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
* Pass search parameters using an associative array instead of $_GET.
* Add a boolean parameter to enable and disable headers/footers.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
This makes it easier to display search results without showing the
search form.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add an option to filter package search results by co-maintainer.
Partly fixes FS#45591.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Inspired by commit 32c8d0c (Store last login address as plain text,
2016-03-13).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently, when a user edits their language setting from the edit user form,
the changes aren't reflected until the user either lets the original cookie
expire, deletes the cookie manually, or changes the language a second time via
the dropdown menu on the top of the page. This patch makes the language cookie
get updated when it is changed from the edit user form.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently, aurweb displays all dates and times in UTC time. This patch
adds a capability for each logged in user to set their preferred
timezone.
Implements FS#48729.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
The quote is a leftover of legacy code and was meant to be removed by
commit e171f6f (Migrate all DB code to use PDO, 2012-08-08).
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
In commit baf8a22 (git-interface: Support SQLite as database backend,
2016-08-03), conf/config.proto was changed so that dsn_prefix was
changed to backend and this fixes this in web/lib/DB.class.php.
Since SQLite's dsn is different, this adds a check of which backend is
desired and will quit if MySQL or SQLite are not the backend selected.
SQLite2 may be supported, but is untested and will trigger an error if
used.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
UNIX_TIMESTAMP is not part of the SQL standard. Instead, all usage in
the web interface is changed to use PHP's time() function.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Since d4fe77a (Reorganize Git interface scripts, 2016-10-08), the key
components of the aurweb SSH interface are installed system-wide. Update
the default configuration path to point to a central location.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Before commit 9746a65 (Port notification routines to Python,
2015-06-27), notification emails for automatically closed requests
explicitly stated that the action was taken "automatically by the Arch
User Repository package request system". When porting the notification
routines to Python, this feature was overlooked and emails sent by the
new script always reported that the requester triggered the acceptance
or rejection of a request.
This patch reimplements the old behavior such that notifications no
longer look as if the requester had accepted the request himself.
Reported-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Introduce a configuration option max_depends which can be used to
specify a maximum number of (reverse) dependencies to display on the
package details pages.
Fixes FS#49059.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Allow users to add a link to their homepage to their profile.
Implements FS#22774.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Remove a leftover var_dump() invocation that was introduced in commit
5fb7a74 (Replace categories with keywords, 2015-06-13).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
|
|
Directly store the information contained in $_SERVER['REMOTE_ADDR']
instead of using ip2long() which does not support IPv6 addresses. Note
that the LastLoginIPAddress field is designed to be used by the
administrator on rare occasions only (e.g. to fight spam) and is not
displayed anywhere.
Fixes FS#48557.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
