summaryrefslogtreecommitdiffstats
path: root/web/template/pkg_comments.php
AgeCommit message (Collapse)AuthorFilesLines
2017-04-24Fix the comment collapse featureLukas Fleischer1-7/+9
In commit 4abde89 (Use JavaScript to collapse long comments, 2017-04-19), support for collapsing/expanding long comments was added. This was broken by the recent Markdown support since comments no longer live inside a single HTML paragraph. Fix this by wrapping each comment in another div container. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-23Render comments when storing them in the databaseLukas Fleischer1-0/+4
Instead of converting package comments from plain text to HTML code when they are displayed, do the conversion when the comment is posted and store the rendered result in the database. The conversion itself is done by a Python script which uses Bleach for sanitizing the text. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-20Use JavaScript to collapse long commentsLukas Fleischer1-1/+1
Instead of using CSS to limit the height of package comments as implemented in 7b13203 (Limit comment height to 15 lines, 2016-03-12), use JavaScript to collapse long comments and add a link to expand them. Clicking the same link twice results in the corresponding comment being collapsed again. If JavaScript is disabled, the full comments are shown (without any possibility to collapse or expand). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20Add user set timezonesMark Weiman1-3/+3
Currently, aurweb displays all dates and times in UTC time. This patch adds a capability for each logged in user to set their preferred timezone. Implements FS#48729. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-01-24Fix duplicate ids from pinned commentsMark Weiman1-1/+1
Fixed duplicate ids caused from pinned comments introduced in 7d4c0c9 (Implement capability to pin comments above others, 2015-12-12). Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-01-23Add comment undeletion functionalityMarcel Korpel1-0/+11
Only Developers and Trusted Users can undelete comments. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13Hide names of deleted accounts in comment headingsLukas Fleischer1-7/+12
When the account of a user who edited/deleted a comment is removed, drop occurrences of his user name in comment headings instead of replacing the user name with "None". Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-13Store current date and time when deleting commentsLukas Fleischer1-14/+20
Instead of modifying EditedTS when a comment is deleted, use a separate field DelTS. Use this field to determine whether a comment has been deleted, instead of checking DelUsersID which might be unset when the corresponding user is deleted. Fixes FS#47362. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-12Only show "last edited" to logged in usersLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-12Implement capability to pin comments above othersMark Weiman1-5/+35
Adds capability to pin comments before others. Implements FS#10863. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-12-12Remove reassignment of base_id in pkg_comments.phpMark Weiman1-7/+0
Removes reassignment of $base_id in web/template/pkg_comments.php as it is assigned in both pkgbase_display_details() and pkg_display_details(). Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08pkg_comments.php: Add JavaScript function to edit commentsMarcel Korpel1-0/+35
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08pkg_comments.php: Merge two DIVs with same IDMarcel Korpel1-3/+1
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Add IDs to commentsMarcel Korpel1-1/+1
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Show dateline when a comment is edited or deletedMarcel Korpel1-12/+26
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Add comment edit icon and formMarcel Korpel1-0/+3
Show an icon next to the comment deletion icon, which leads to a comment edit form. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08Use SVG image for comment deletion iconMarcel Korpel1-17/+11
This also puts the icon to the right and the timestamp in the byline and wipes out a repeated instance of the byline. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2014-07-25Make deleted comments visible to Trusted UsersLukas Fleischer1-4/+8
This allows Trusted Users to check whether a user posted a politically incorrect comment, even if he already deleted it. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-23Display correct comment count on package base pageLukas Fleischer1-1/+7
Show the correct number of package base comments in the tool tip message of the "Latest Comments" link. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-23Drop comment count from translatable messageLukas Fleischer1-2/+2
The title "View all %s comments" becomes "View all %s comment" when adding plural support (which is needed for other languages that have more than one plural form). Simply remove the comment count from the message and add it in parentheses. Suggested-by: Safa Alfulaij <safa1996alfulaij@gmail.com> Suggested-by: Sebastian Wilzbach <sebi@wilzbach.me> Suggested-by: kachelaqa <kachelaqa@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-07-15Rework permission handlingLukas Fleischer1-2/+1
Add a new function has_credential() that checks whether the currently logged in user is allowed to perform a given action. Moving all permission handling to this central place makes adding new user groups and adjusting permissions much more convenient. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-04-05Prefix package functions with pkg_/pkgbase_Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-04-05Use snake case for all package functionsLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-04-05Move package actions to package basesLukas Fleischer1-4/+3
Package actions now operate on package bases instead of packages. Move all actions to the correct locations. This also fixes some issues with comment notifications. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-04-05Store comments on a per-package base basisLukas Fleischer1-1/+2
Move comments from the Packages table to PackageBases. Sharing comments makes sense since they almost always refer to a source package. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2014-02-04Add support for anonymous commentsLukas Fleischer1-1/+9
This allows for removing users without also removing the corresponding comments. Instead, all comments from deleted users will be displayed as "Anonymous comment". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-10-11pkg_comments.php: Move delete button to same line as poster infocanyonknight1-1/+3
The delete button is currently on a separate line. Change some logic to allow for the button to be on the same line as poster info. Reported-by: Dave Reisner <d@falconindy.com> Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-24Use echo shortcut syntaxLukas Fleischer1-9/+9
Replace all occurrences of "<?php echo" and "<?php print" by "<?=" to reduce noise in templates. Note that as of PHP 5.4.0, "<?=" is always available and no longer requires "short_open_tag" to be set. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18pkg_comments.php: Fix "Latest Comments" linkLukas Fleischer1-2/+2
Avoid adding "?comments=all" more than once if the "Latest Comments" link is clicked multiple times. Reported-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-09-18Use URL rewriting for user info pagecanyonknight1-1/+1
Navigation to the "AccountInfo" page should only require a user to know the username of the account they are looking for. Update all AUR links that use the user info page to reflect the new URL. Before: AUR_URL/account/?Action=AccountInfo&U=userfoo After: AUR_URL/account/userfoo Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-18pkg_comments.php: Fix comment deletion linksLukas Fleischer1-2/+3
* Add a missing quote to the "alt" attribute. Regression introduced in d8b2eb4b628e8927b0bed1b254c996520de95b83. * Retrieve and store the package name before overwriting the "$row" variable. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-18pkg_comments.php: Fix links to user accountsLukas Fleischer1-1/+1
Regression introduced in 2425f963f8ad45292c217914b5fee1ed18104c26. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-17pkg_comments.php: Fix noticeLukas Fleischer1-1/+1
Fix a notice that appeared if comments were available and the package was requested by name. See 07d3649c2d68bd67ebbcbe10ee9535364903a0f8 for a similar fix for links to the voters page. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Use virtual paths for package detailsLukas Fleischer1-2/+2
Extend the routing front/back ends to allow for using "/package/$pkgname/" for individual packages. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Use virtual path feature for linksLukas Fleischer1-2/+2
Use virtual paths in links (e.g. link to "/packages/" instead of "/packages.php" etc.) if the virtual path feature is enabled. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-15Use absolute URIs for style sheets and imagesLukas Fleischer1-1/+1
This is needed for our new URI scheme, since we will use virtual directories, such as "/packages/" instead of "/packages.php" etc. Having relative URIs results in incorrect paths, such as "/packages/css/aur.css" (instead of "/css/aur.css"). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-14Merge branch 'maint'Lukas Fleischer1-0/+1
Conflicts: web/html/account.php web/html/addvote.php web/html/pkgsubmit.php web/lib/acctfuncs.inc.php web/template/actions_form.php web/template/pkg_comment_form.php web/template/pkg_comments.php web/template/pkg_details.php web/template/pkg_search_results.php web/template/tu_details.php
2012-07-06pkg_comments.php: Overhaul to match archwebcanyonknight1-40/+37
* Limit PHP echoing XHTML as much as possible, and use pure XHTML * Switch to alternative syntax in control structures for better readability of inter-mixed XHTML * Remove box for every comment and switch to archweb news post style Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-07-06Use sane date format strings everywhereLukas Fleischer1-1/+1
We fixed this for the fields displayed on the package details page in commit b5fffe9a02cd4fd3b7da66e403f02eea89c8fcad. This should fix the remaining ones. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: canyonknight <canyonknight@gmail.com>
2012-06-24Implement token system to fix CSRF vulnerabilitiescanyonknight1-0/+1
Specially crafted pages can force authenticated users to unknowingly perform actions on the AUR website despite being on an attacker's website. This cross-site request forgery (CSRF) vulnerability applies to all POST data on the AUR. Implement a token system using a double submit cookie. Have a hidden form value on every page containing POST forms. Use the newly added check_token() to verify the token sent via POST matches the "AURSID" cookie value. Random nature of the token limits potential for CSRF. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-05-31HTML/DOM fixesDario Giovannetti1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2012-03-24Support canonical links to packagesLukas Fleischer1-1/+1
This is more user-friendly than supporting package IDs only and can be used as a basis to support direct links to AUR packages in places where links are computer-produced (e.g. Wiki templates). Addresses FS#21600 and FS#28839. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30Fix XSS vulnerabilities in package comment templates.Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-11Fix broken XHTML.Lukas Fleischer1-6/+8
Fix a lot of invalid XHTML in the templates and actions. There might still be some legacy code left, but this should cover most of it. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-01-19Make external links in comments clickable (FS#20137).Lukas Fleischer1-1/+1
Comments are now split at link boundaries and links are converted separately. I find this to be a much cleaner way than re-converting comments that have already been converted using htmlspecialchars(). This also doesn't require any callback procedure. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2010-11-21Auto redirect from confirmation screens.Dan Vratil1-9/+14
Finally move comment deletion and category editing into functions and remove pkgedit.php Signed-off-by: Loui Chang <louipc.ist@gmail.com> -Fix indentation -Fix variable naming conflict $id vs $cid
2010-04-15pkg_comments: Only display 10 comments by default.Loui Chang1-1/+11
Add a mechanism to view all comments. Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-04-13Don't hit the database twice per comment on packageDan McGee1-1/+2
It's performance improvement day today. For non-superusers, we were hitting the database twice per comment on a package- once to get the UID, and once to check the owner of the comment. The best part is we already knew the owner of the comment, and we only need to get our own UID once. For viewing a package like yaourt, this cuts a single pageview from over 700 queries to around 18, which is still not great but a pretty big improvement. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-02-19Revamp markup and styles for comments.Loui Chang1-24/+14
Make post date consistent with other dates. Look Ma, no tables! Signed-off-by: Loui Chang <louipc.ist@gmail.com>
2009-01-23Change comment style so long lines wrap.Loui Chang1-1/+1
Signed-off-by: Loui Chang <louipc.ist@gmail.com>