Age | Commit message (Collapse) | Author | Files | Lines |
|
In commit 4abde89 (Use JavaScript to collapse long comments,
2017-04-19), support for collapsing/expanding long comments was added.
This was broken by the recent Markdown support since comments no longer
live inside a single HTML paragraph. Fix this by wrapping each comment
in another div container.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Instead of converting package comments from plain text to HTML code when
they are displayed, do the conversion when the comment is posted and
store the rendered result in the database. The conversion itself is done
by a Python script which uses Bleach for sanitizing the text.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Instead of using CSS to limit the height of package comments as
implemented in 7b13203 (Limit comment height to 15 lines, 2016-03-12),
use JavaScript to collapse long comments and add a link to expand them.
Clicking the same link twice results in the corresponding comment being
collapsed again.
If JavaScript is disabled, the full comments are shown (without any
possibility to collapse or expand).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently, aurweb displays all dates and times in UTC time. This patch
adds a capability for each logged in user to set their preferred
timezone.
Implements FS#48729.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Fixed duplicate ids caused from pinned comments introduced in 7d4c0c9
(Implement capability to pin comments above others, 2015-12-12).
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Only Developers and Trusted Users can undelete comments.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
When the account of a user who edited/deleted a comment is removed, drop
occurrences of his user name in comment headings instead of replacing
the user name with "None".
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Instead of modifying EditedTS when a comment is deleted, use a separate
field DelTS. Use this field to determine whether a comment has been
deleted, instead of checking DelUsersID which might be unset when the
corresponding user is deleted.
Fixes FS#47362.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Adds capability to pin comments before others.
Implements FS#10863.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Removes reassignment of $base_id in web/template/pkg_comments.php as it is
assigned in both pkgbase_display_details() and pkg_display_details().
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Show an icon next to the comment deletion icon, which leads to a
comment edit form.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
This also puts the icon to the right and the timestamp in the byline
and wipes out a repeated instance of the byline.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
This allows Trusted Users to check whether a user posted a politically
incorrect comment, even if he already deleted it.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Show the correct number of package base comments in the tool tip message
of the "Latest Comments" link.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
The title "View all %s comments" becomes "View all %s comment" when
adding plural support (which is needed for other languages that have
more than one plural form). Simply remove the comment count from the
message and add it in parentheses.
Suggested-by: Safa Alfulaij <safa1996alfulaij@gmail.com>
Suggested-by: Sebastian Wilzbach <sebi@wilzbach.me>
Suggested-by: kachelaqa <kachelaqa@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Add a new function has_credential() that checks whether the currently
logged in user is allowed to perform a given action. Moving all
permission handling to this central place makes adding new user groups
and adjusting permissions much more convenient.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Package actions now operate on package bases instead of packages. Move
all actions to the correct locations.
This also fixes some issues with comment notifications.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Move comments from the Packages table to PackageBases. Sharing comments
makes sense since they almost always refer to a source package.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This allows for removing users without also removing the corresponding
comments. Instead, all comments from deleted users will be displayed as
"Anonymous comment".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
The delete button is currently on a separate line. Change some logic
to allow for the button to be on the same line as poster info.
Reported-by: Dave Reisner <d@falconindy.com>
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Replace all occurrences of "<?php echo" and "<?php print" by "<?=" to
reduce noise in templates.
Note that as of PHP 5.4.0, "<?=" is always available and no longer
requires "short_open_tag" to be set.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Avoid adding "?comments=all" more than once if the "Latest Comments"
link is clicked multiple times.
Reported-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Navigation to the "AccountInfo" page should only require a user to know the
username of the account they are looking for. Update all AUR links that use
the user info page to reflect the new URL.
Before:
AUR_URL/account/?Action=AccountInfo&U=userfoo
After:
AUR_URL/account/userfoo
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Add a missing quote to the "alt" attribute. Regression introduced in
d8b2eb4b628e8927b0bed1b254c996520de95b83.
* Retrieve and store the package name before overwriting the "$row"
variable.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Regression introduced in 2425f963f8ad45292c217914b5fee1ed18104c26.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Fix a notice that appeared if comments were available and the package
was requested by name. See 07d3649c2d68bd67ebbcbe10ee9535364903a0f8 for
a similar fix for links to the voters page.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Extend the routing front/back ends to allow for using
"/package/$pkgname/" for individual packages.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Use virtual paths in links (e.g. link to "/packages/" instead of
"/packages.php" etc.) if the virtual path feature is enabled.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This is needed for our new URI scheme, since we will use virtual
directories, such as "/packages/" instead of "/packages.php" etc.
Having relative URIs results in incorrect paths, such as
"/packages/css/aur.css" (instead of "/css/aur.css").
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Conflicts:
web/html/account.php
web/html/addvote.php
web/html/pkgsubmit.php
web/lib/acctfuncs.inc.php
web/template/actions_form.php
web/template/pkg_comment_form.php
web/template/pkg_comments.php
web/template/pkg_details.php
web/template/pkg_search_results.php
web/template/tu_details.php
|
|
* Limit PHP echoing XHTML as much as possible, and use pure XHTML
* Switch to alternative syntax in control structures for better readability of
inter-mixed XHTML
* Remove box for every comment and switch to archweb news post style
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
We fixed this for the fields displayed on the package details page in
commit b5fffe9a02cd4fd3b7da66e403f02eea89c8fcad. This should fix the
remaining ones.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: canyonknight <canyonknight@gmail.com>
|
|
Specially crafted pages can force authenticated users to unknowingly perform
actions on the AUR website despite being on an attacker's website. This
cross-site request forgery (CSRF) vulnerability applies to all POST data on
the AUR.
Implement a token system using a double submit cookie. Have a hidden form
value on every page containing POST forms. Use the newly added check_token() to
verify the token sent via POST matches the "AURSID" cookie value. Random
nature of the token limits potential for CSRF.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This is more user-friendly than supporting package IDs only and can be
used as a basis to support direct links to AUR packages in places where
links are computer-produced (e.g. Wiki templates).
Addresses FS#21600 and FS#28839.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Fix a lot of invalid XHTML in the templates and actions. There might
still be some legacy code left, but this should cover most of it.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Comments are now split at link boundaries and links are converted
separately. I find this to be a much cleaner way than re-converting
comments that have already been converted using htmlspecialchars(). This
also doesn't require any callback procedure.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Finally move comment deletion and category editing into functions and
remove pkgedit.php
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
-Fix indentation
-Fix variable naming conflict $id vs $cid
|
|
Add a mechanism to view all comments.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
It's performance improvement day today. For non-superusers, we were hitting
the database twice per comment on a package- once to get the UID, and once
to check the owner of the comment. The best part is we already knew the
owner of the comment, and we only need to get our own UID once.
For viewing a package like yaourt, this cuts a single pageview from over 700
queries to around 18, which is still not great but a pretty big improvement.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Make post date consistent with other dates.
Look Ma, no tables!
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|
|
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
|