path: root/web/template/pkg_comments.php
Age | Commit message | Author | Files | Lines
2012-07-14 | Merge branch 'maint' | Lukas Fleischer | 1 | -0/+1
Conflicts:
    web/html/account.php
    web/html/addvote.php
    web/html/pkgsubmit.php
    web/lib/acctfuncs.inc.php
    web/template/actions_form.php
    web/template/pkg_comment_form.php
    web/template/pkg_comments.php
    web/template/pkg_details.php
    web/template/pkg_search_results.php
    web/template/tu_details.php
2012-07-06 | pkg_comments.php: Overhaul to match archweb | canyonknight | 1 | -40/+37
* Limit PHP echoing XHTML as much as possible, and use pure XHTML
* Switch to alternative syntax in control structures for better readability of inter-mixed XHTML
* Remove box for every comment and switch to archweb news post style
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06 | Use sane date format strings everywhere | Lukas Fleischer | 1 | -1/+1
We fixed this for the fields displayed on the package details page in commit b5fffe9a02cd4fd3b7da66e403f02eea89c8fcad. This should fix the remaining ones.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-06-24 | Implement token system to fix CSRF vulnerabilities | canyonknight | 1 | -0/+1
Specially crafted pages can force authenticated users to unknowingly perform actions on the AUR website despite being on an attacker's website. This cross-site request forgery (CSRF) vulnerability applies to all POST data on the AUR.
Implement a token system using a double submit cookie. Have a hidden form value on every page containing POST forms. Use the newly added check_token() to verify the token sent via POST matches the "AURSID" cookie value. Random nature of the token limits potential for CSRF.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-05-31 | HTML/DOM fixes | Dario Giovannetti | 1 | -1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-24 | Support canonical links to packages | Lukas Fleischer | 1 | -1/+1
This is more user-friendly than supporting package IDs only and can be used as a basis to support direct links to AUR packages in places where links are computer-produced (e.g. Wiki templates). Addresses FS#21600 and FS#28839.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30 | Fix XSS vulnerabilities in package comment templates. | Lukas Fleischer | 1 | -1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-11 | Fix broken XHTML. | Lukas Fleischer | 1 | -6/+8
Fix a lot of invalid XHTML in the templates and actions. There might still be some legacy code left, but this should cover most of it.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-19 | Make external links in comments clickable (FS#20137). | Lukas Fleischer | 1 | -1/+1
Comments are now split at link boundaries and links are converted separately. I find this to be a much cleaner way than re-converting comments that have already been converted using htmlspecialchars(). This also doesn't require any callback procedure.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-11-21 | Auto redirect from confirmation screens. | Dan Vratil | 1 | -9/+14
Finally move comment deletion and category editing into functions and remove pkgedit.php
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
-Fix indentation
-Fix variable naming conflict $id vs $cid
2010-04-15 | pkg_comments: Only display 10 comments by default. | Loui Chang | 1 | -1/+11
Add a mechanism to view all comments.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-04-13 | Don't hit the database twice per comment on package | Dan McGee | 1 | -1/+2
It's performance improvement day today. For non-superusers, we were hitting the database twice per comment on a package- once to get the UID, and once to check the owner of the comment. The best part is we already knew the owner of the comment, and we only need to get our own UID once. For viewing a package like yaourt, this cuts a single pageview from over 700 queries to around 18, which is still not great but a pretty big improvement.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-02-19 | Revamp markup and styles for comments. | Loui Chang | 1 | -24/+14
Make post date consistent with other dates. Look Ma, no tables!
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-23 | Change comment style so long lines wrap. | Loui Chang | 1 | -1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-23 | Fix translated comment messages. | Loui Chang | 1 | -5/+4
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-05 | Move package comments to a template. | Loui Chang | 1 | -0/+38
Change layout in the process.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>