summaryrefslogtreecommitdiffstats
path: root/web/template/actions_form.php
AgeCommit message (Collapse)AuthorFilesLines
2012-09-28Deprecate actions bar when virtual URLs are usedcanyonknight1-3/+1
The only buttons on the actions bar that were still used when virtual URLs are enabled were the package deletion and package merging. These now reside in separate pages, so remove the need for the actions bar when virtual URLs are enabled. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-24Use echo shortcut syntaxLukas Fleischer1-13/+13
Replace all occurrences of "<?php echo" and "<?php print" by "<?=" to reduce noise in templates. Note that as of PHP 5.4.0, "<?=" is always available and no longer requires "short_open_tag" to be set. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-08-23Allow only Trusted Users, Developers, and Maintainers to unflag packagescanyonknight1-1/+2
Currently everyone is allowed to unflag a package as out of date. This should be limited to only the appropriate people for a specific package. Fixes FS#27263 Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17actions_form.php: Hide empty formLukas Fleischer1-0/+2
Do not show the actions form if it doesn't contain any elements. This comes into effect if the virtual path feature is enabled and the current user doesn't have TU/developer privileges. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17Move adoption button to package actions boxLukas Fleischer1-7/+0
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17Move package actions to the action boxLukas Fleischer1-0/+2
Note that this currently only works if the virtual path feature is enabled. If you don't use virtual paths, these will still be displayed as buttons below the package details listing. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Use virtual paths for package detailsLukas Fleischer1-1/+1
Extend the routing front/back ends to allow for using "/package/$pkgname/" for individual packages. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Use virtual path feature for linksLukas Fleischer1-1/+1
Use virtual paths in links (e.g. link to "/packages/" instead of "/packages.php" etc.) if the virtual path feature is enabled. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-14Merge branch 'maint'Lukas Fleischer1-0/+1
Conflicts: web/html/account.php web/html/addvote.php web/html/pkgsubmit.php web/lib/acctfuncs.inc.php web/template/actions_form.php web/template/pkg_comment_form.php web/template/pkg_comments.php web/template/pkg_details.php web/template/pkg_search_results.php web/template/tu_details.php
2012-07-06action_form.php: Pull out DB codecanyonknight1-24/+8
* Create new functions in pkgfuncs.inc.php with SQL queries from action_form.php * Centralization of DB code important in a future transition to PDO interface * Flip logic of vote and notify XHTML button to use function return rather than a more confusing NOT (!) logical operator statement Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06actions_form.php: Overhaul to match archwebcanyonknight1-48/+41
* Change all CSS to match archweb * General clean-up of XHTML formatting * Change control structures to use PHP alternative syntax for better readability with inter-mixed XHTML Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-06-24Implement token system to fix CSRF vulnerabilitiescanyonknight1-0/+1
Specially crafted pages can force authenticated users to unknowingly perform actions on the AUR website despite being on an attacker's website. This cross-site request forgery (CSRF) vulnerability applies to all POST data on the AUR. Implement a token system using a double submit cookie. Have a hidden form value on every page containing POST forms. Use the newly added check_token() to verify the token sent via POST matches the "AURSID" cookie value. Random nature of the token limits potential for CSRF. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-08-11Allow for merging deleted packages into existing onesLukas Fleischer1-0/+2
Merge all comments and votes of deleted packages into another package if the "Merge with" field is used. Duplicate votes (votes from a user who already voted on the target package or voted on more than one of the deleted packages) are discarded. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-05-17test return value from db_query before assuming it is validelij1-23/+29
make the sql query form consistent in usage by cleaning up instances where db_query's result was not inspected before attempting to fetch row data from the handle Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-11Fix broken XHTML.Lukas Fleischer1-12/+13
Fix a lot of invalid XHTML in the templates and actions. There might still be some legacy code left, but this should cover most of it. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-02-27Define "Packages.SubmitterUID" and "Packages.MaintainerUID" as "NULL".Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-11-10Add timestamp when a package is flagged out-of-date (FS#20848).Lukas Fleischer1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com> - resolve conflict and omit i18n changes.
2010-07-02Confirmation when deleting packagesLukas Fleischer1-0/+2
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-25Move package comment form into a new template.Loui Chang1-6/+0
Feature the form on the package details page. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-24Move actions form into template.Loui Chang1-0/+60
Signed-off-by: Loui Chang <louipc.ist@gmail.com>