summaryrefslogtreecommitdiffstats
path: root/web/lib
AgeCommit message (Collapse)AuthorFilesLines
2016-03-13Release 4.2.1v4.2.1Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-03-13Store last login address as plain textLukas Fleischer1-2/+2
Directly store the information contained in $_SERVER['REMOTE_ADDR'] instead of using ip2long() which does not support IPv6 addresses. Note that the LastLoginIPAddress field is designed to be used by the administrator on rare occasions only (e.g. to fight spam) and is not displayed anywhere. Fixes FS#48557. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-03-01aurjson: Remove stray GROUP BY clauseLukas Fleischer1-1/+0
The IDs of packages are unique, so there is no need to group search results by package ID. Note that the GROUP BY statement in question was introduced in commit 3447dfc (Support versioned RPC queries, 2014-04-28) for no apparent reason and could even lead to errors in various DBMS. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-19Unset $pinned unconditionally when displaying commentsMark Weiman2-2/+2
In pkg_comments.php, the $pinned variable is used to determine whether the template is supposed to print all comments or pinned comments only. If the $pinned variable is unset, the top 10 comments are printed, followed by an "All comments" link. If the $pinned variable is set, the pinned comments are printed and the "All comments" link below the comment listing is skipped. Thus, we need to make sure that this variable is always unset at the time we include the template to display all comments, even if it was empty before. Fixes FS#48194. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-15Release 4.2.0v4.2.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-09aurjson: Add package base keywordsLukas Fleischer1-2/+16
Expose package base keywords through the RPC interface (version 5). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-07Add support for package update notificationsLukas Fleischer1-2/+5
Introduce a new notification option to receive notifications when a new commit is pushed to a package repository. Implements FS#30109. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-07Add global comment notification settingLukas Fleischer1-2/+5
Add a configuration option to the account edit page that allows for globally enabling/disabling package base comment notifications. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-02-07Rename the CommentNotify table to PackageNotificationsLukas Fleischer3-11/+11
As a preparatory step to adding support for package notifications on events other than comments, rename the database table accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-01-31Remove 'new' tag from updates tableMarcel Korpel1-1/+1
It was hard to make it consistent with the other new icons from Open Iconic and it hadn't much use after all. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-01-28Rename constructors to __constructMarcel Korpel2-4/+4
In PHP 7, constructor methods that have the same name as the class they are defined in are deprecated. Use __construct instead. http://php.net/manual/en/migration70.deprecated.php Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-01-23Add comment undeletion functionalityMarcel Korpel2-4/+20
Only Developers and Trusted Users can undelete comments. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-15Add link to flag OOD commentMark Weiman1-0/+32
Implements: FS#46546 Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13Store current date and time when deleting commentsLukas Fleischer1-4/+4
Instead of modifying EditedTS when a comment is deleted, use a separate field DelTS. Use this field to determine whether a comment has been deleted, instead of checking DelUsersID which might be unset when the corresponding user is deleted. Fixes FS#47362. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13aurjson: Do not search by ID when argument is numericLukas Fleischer1-2/+2
When performing info or multiinfo queries, one can currently either pass package names or package IDs as parameters. As a consequence, it is impossible to search for packages with a numeric package name because numeric arguments are always treated as IDs. Since package IDs are not public anymore these days, simply remove the possibility to search by ID in revision 5 of the RPC interface. Fixes FS#47324. Suggested-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13notify: Do not pass notification texts via pipesLukas Fleischer3-7/+6
Directly retrieve comments from the database instead of additionally passing them via stdin. Fixes FS#46742. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13Save comment when closing requestsLukas Fleischer1-1/+2
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-12Implement capability to pin comments above othersMark Weiman3-6/+127
Adds capability to pin comments before others. Implements FS#10863. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-11-14Make the notification script configurableLukas Fleischer1-1/+1
Add a configuration option to set the path of the notification script. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-11-12Remove redundant codeLukas Fleischer1-15/+1
This code is no longer needed since 9746a65 (Port notification routines to Python, 2015-06-27). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-24Highlight broken dependenciesLukas Fleischer1-0/+9
If a dependency neither exists in the official repositories nor in the AUR, make it appear bold red. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-24Hide optdepend description if not availableLukas Fleischer1-1/+1
Remove the "(unknown)" suffix that used to be shown for optional dependencies without a description. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-24Include trivial AUR providers in pkg_providers()Lukas Fleischer1-4/+5
When obtaining provisions using pkg_providers(), we already include virtual providers from the official repositories, virtual providers from the AUR and trivial providers (i.e. packages having the given name) from the official repositories. Include trivial providers from the AUR as well. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-24Always retrieve dependency providersLukas Fleischer1-11/+8
Since commit 16765d5 (Track providers in the official repositories, 2015-10-21), we know all packages and virtual provisions from the official repositories. Always obtain and display all providers from both the official repositories and the AUR. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-24Fix spacing of versioned dependenciesLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-24aurjson: Allow underscores in JSONP callback namesLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-21Check comment length in the backendLukas Fleischer1-0/+4
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-21Track providers in the official repositoriesLukas Fleischer1-16/+48
Maintain a list of virtual provisions of packages from the official binary package repositories. The list can be updated using the aurblup script, e.g. via a cronjob. This allows for adding proper links to package dependencies: If an AUR package depends on a package from the official repositories (or on a name provided by a package from the official repositories), add a link to the corresponding archweb package details page. If an AUR package depends on another AUR package (or on a name provided by another AUR package), add a link to the corresponding aurweb package details page. Otherwise, just display the name and do not add a link at all. Fixes FS#46549. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-17Send notifications when changing co-maintainershipLukas Fleischer1-0/+2
Implements FS#45590. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-17Refactor pkgbase_set_comaintainers()Lukas Fleischer1-6/+20
This makes the code slightly more efficient and allows for easily determining the users that were added/removed to the co-maintainer list. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-09aurjson: Rename the search_by parameter to "by"Lukas Fleischer1-5/+9
This parameter is only supported by the search command. We do not need to repeat ourselves. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-04aurjson: Merge info and multiinfo commandsLukas Fleischer1-2/+5
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-04aurjson: Add "maintainer" search typeLukas Fleischer1-21/+22
Deprecate the msearch command and add a new search type to the search command. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-03Release 4.1.1v4.1.1Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-03Fix parameter processing in parse_multiinfo_args()Lukas Fleischer1-3/+2
Fixes a regression introduced in 94aeead (aurjson: Pass http_data array to all functions, 2015-06-28). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-03Release 4.1.0v4.1.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-26aurjson.class.php: Sync error message with front-endLukas Fleischer1-1/+1
Instead of introducing a new message "You do not have the right to edit this comment." for the RPC interface, use "You are not allowed to edit this comment." which we already show in the front-end. Reported-by: Christoph Seitz <seitz.christoph@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-25pkgfuncs.inc.php: Squelch PHP warningLukas Fleischer1-0/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-25aurjson.class.php: Fix "Undefined index" noticesLukas Fleischer1-4/+8
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-23Add search for keywords onlyMarcel Korpel1-39/+64
Implements FS#45619. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-20Add option to hide one's email addressMarcel Korpel1-2/+9
Implements FS#42343. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-20Rename "Age" search order to "Last modified"Lukas Fleischer1-0/+4
Use a better description for sorting by modification time, as it is not clear whether "Age" refers to the package creation date or to the modification date. The possibility to sort by "Age" is kept internally (but hidden from the user interface) such that old links to search results still work. Fixes FS#46319. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-18Extract package name from detailsLukas Fleischer1-36/+0
When requesting package details, instead of performing another SQL query to obtain the package name, extract the name from the result of the package details query. Also, drop pkg_name_from_id() which is no longer needed after this optimization. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-18Remove legacy codeLukas Fleischer1-189/+0
In 74edb6f (Use Git repositories to store packages, 2014-06-06), package creation was moved to the Python backend. Remove several PHP functions that are no longer needed. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-17Honor virtual provisions in package requirementsLukas Fleischer1-5/+26
Implements FS#14125. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-17Use a separate function for "Required by" linksLukas Fleischer1-27/+65
Do not use the same function for generating dependency and inverse dependency links. Instead, factor out common code and create two separate functions for those (rather different) functionalities. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-16Transfer notifications when merging packagesLukas Fleischer1-0/+14
When a package base is merged into another one, followers of the old package base usually want to be notified about comments the new package base as well. Fixes FS#27687. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-16Show providers in dependenciesLukas Fleischer1-6/+59
For all "virtual provisions" in package dependencies, show links to the actual packages providing the dependency. This partly implements FS#14125. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-12Mitigate JSONP callback vulnerabilitiesLukas Fleischer1-2/+6
The callback parameter of the RPC interface currently allows for specifying a prefix of arbitrary length of the returned result. This can be exploited by certain attacks. As a countermeasure, this patch restricts the allowed character set for the callback name to letters, digits, underscores, parenthesis and dots. It also limits the length of the name to 128 characters. Furthermore, the reflected callback name is now always prepended with "/**/", which is a common workaround to protect against attacks such as Rosetta Flash. Fixes FS#46259. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-11Allow for logging in via email addressLukas Fleischer2-1/+16
Accept both user names and email addresses in the login prompt. Suggested-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>