summaryrefslogtreecommitdiffstats
path: root/web/template
AgeCommit message (Collapse)AuthorFilesLines
2020-01-30Update copyright range in the cgit footerLukas Fleischer1-1/+1
2020-01-30Require password when changing account informationLukas Fleischer1-8/+9
Since commits daee20c (Require current password when setting a new one, 2020-01-30) and 8fc8898 (Require password when deleting an account, 2020-01-30), changing a password and deleting an account require the current password. Extend this to all other profile changes. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-01-30Require password when deleting an accountLukas Fleischer1-2/+9
Further reduce the attack surface in case of a stolen session ID. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-01-30Verify current password against logged in userLukas Fleischer1-2/+2
When changing the password of an account, instead of asking for the old password of the account, ask for the password of the currently logged in user. This allows privileged users to edit other accounts without knowing their passwords. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-01-30Require current password when setting a new oneLukas Fleischer1-12/+20
Prevent from easily taking over an account by changing the password with a stolen session ID. Fixes FS#65325. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2019-12-11Copy Git repository URL on clickLukas Fleischer2-4/+30
The Git repository URLs are not meant to be visited using a web browser. Copy the link to the clipboard instead. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2019-10-27Display popularity with less decimal pointsLukas Fleischer2-2/+2
Limit the display to two decimal points for packages with a popularity of at least 0.2. Suggested-by: Allan McRae <allan@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2019-10-05Add a simple CAPTCHA to the sign up formLukas Fleischer1-0/+11
Add a CAPTCHA to protect against automated account creation. The CAPTCHA changes whenever three new accounts are registered. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2019-08-18Move permission for LIST_COMMENTS to dev/tu blockEli Schwartz1-1/+1
In commit 3578e77ad4e9258495eed7e786b7dc3aebcf1b63 we implemented listing of comments from the account details page , but this was intended to only be available to TUs and Devs. As the comment says: "display the comment list if they're a TU/dev" The credential checking code, however, set this credential for all users, contrary to the intention of the commit. In order to preserve the ability to list a person's own comments, also declare the allowed uids based on the profile being viewed.
2019-06-30Update copyright year in the cgit footer templateMichael Straube1-1/+1
Signed-off-by: Michael Straube <michael.straube@posteo.de> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2019-04-28Add "Enable notifications" checkbox in "Add Comment" formVladimir Panteleev1-0/+6
Currently, it is a little to easy to forget to enable notifications for a package after leaving a comment, thus never being notified of a reply. Even though the "Enable notifications" link is on the same page, it is not part of the flow for posting a new comment, and so, easy to miss. Most web forums and comment systems include a checkbox to enable notifications when posting for the first time in a thread. This patch implements this in aurweb, as well. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2018-10-17pkg_comments.php: Make comment timestamps link to the commentVladimir Panteleev1-5/+7
As of today, there is no easy way to obtain a link to a specific comment on a package page. Many implementations of forums and comment systems today seem to follow a convention where a comment's timestamp is an unobtrusive link to the comment itself. Some examples are: - phpBB (e.g. bbs.archlinux.org) - GitHub - Disqus - Discourse This patch adopts this convention as well, by making the timestamp a link to the comment.
2018-08-06Allow listing all comments from a userJohannes Löthberg3-27/+76
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-05-12Stop using each()Lukas Fleischer9-26/+26
The each() function has been deprecated as of PHP 7.2.0. Use foreach loops instead. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-05-12Add newline after accept link for orphan requestsLukas Fleischer1-3/+1
Fixes a regression introduced in 0ffa067 (Use a link to accept orphan requests, 2018-05-10). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-05-11Use a link to accept orphan requestsEli Schwartz1-5/+1
Currently, a form is used instead of a link. This forwards to a confirmation page, and currently drops the "via" parameter in the process. As a result, accepted orphan requests usually show: Request #XXXXXX has been accepted automatically by the Arch User Repository package request system: The user YYYYYYY disowned the package. This is wrong, and should show (will show, if you manually add it or use the close button instead of the accept button): Request #XXXXXX has been rejected by YYYYYYY [1]: Fixes FS#56606. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-05-10Update copyright year in the cgit footer templateEli Schwartz1-1/+1
Four years just passed in the blink of an eye :) Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-02-24Add capability for co-maintainers to disown packagesMark Weiman1-1/+1
Implements FS#53832. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-11-07Fix sorting order when clicking table headingsLukas Fleischer1-1/+1
A bug introduced in commit 7d7e079 (Hide the table sorting links on the dashboard, 2017-02-04) resulted in multiple clicks on a table heading in the package search results table no longer having any effect, instead of changing the sorting order. Fix this by removing erroneous spaces from the GET parameters in the search URL. Fixes FS#56261. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-11-05Point out that the user name is public when registeringLukas Fleischer1-0/+3
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-24Fix the comment collapse featureLukas Fleischer1-7/+9
In commit 4abde89 (Use JavaScript to collapse long comments, 2017-04-19), support for collapsing/expanding long comments was added. This was broken by the recent Markdown support since comments no longer live inside a single HTML paragraph. Fix this by wrapping each comment in another div container. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-23Render comments when storing them in the databaseLukas Fleischer1-0/+4
Instead of converting package comments from plain text to HTML code when they are displayed, do the conversion when the comment is posted and store the rendered result in the database. The conversion itself is done by a Python script which uses Bleach for sanitizing the text. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-20Use JavaScript to collapse long commentsLukas Fleischer1-1/+1
Instead of using CSS to limit the height of package comments as implemented in 7b13203 (Limit comment height to 15 lines, 2016-03-12), use JavaScript to collapse long comments and add a link to expand them. Clicking the same link twice results in the corresponding comment being collapsed again. If JavaScript is disabled, the full comments are shown (without any possibility to collapse or expand). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-19Store dependency descriptions in a separate columnLukas Fleischer1-1/+1
Split optional dependency descriptions from dependency names before storing them in the database and use a separate column to store the descriptions. This allows us to simplify and optimize the SQL queries in pkg_dependencies() as well as pkg_required(). Suggested-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-03-02account_delete.php: Fix variable nameLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27flag_comment.php: Hide comment for unflagged packagesLukas Fleischer1-0/+2
Only show the comment paragraph if the package base is actually flagged out-of-date. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-27Always use source_file_uri instead of pkgbuild_uriLukas Fleischer1-1/+1
The pkgbuild_uri option was replaced by source_file_uri in 9df1bd5 (Add direct links to each source file, 2017-02-12). Change one remaining reference to pkgbuild_uri accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-25pkgreq_results.php: Hide empty tableLukas Fleischer1-0/+4
Display a message that no requests matched the filter criteria instead of showing an empty package requests table. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-23Add security tracker into navbarMorten Linderud2-0/+2
Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15Fix several PHP short open tagsLukas Fleischer3-3/+3
Use "<?=" instead of "<?" for printing. Fixes a regression introduced in a9048bb (Dedupe translatable strings, 2015-11-25). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-12Add direct links to each source fileJanne Heß1-2/+2
Currently, each source file which is an external link (http://, https://, ...) is a clickable link. This commit extends the behaviour by making files from the repository clickable as well. The link brings the user to the corresponding cgit page. Also, the link to the PKGBUILD is altered to make the configuration more consistent. Signed-off-by: Janne Heß <jannehess@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08pkgreq_results.php: Add a flag to hide headersLukas Fleischer1-4/+8
Introduce a new boolean flag that can be used to disable extended headers, pagination and forms. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08pkgreq_results.php: Split out package results boxLukas Fleischer1-120/+118
Do not include the wrapper div container in the template. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08Allow to search for both maintainer and co-maintainerLukas Fleischer1-0/+1
As a follow-up to commit 6cb8c04 (Implement co-maintainer search, 2017-01-26), add an option to search for both maintainers and co-maintainers at the same time. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08Hide the table sorting links on the dashboardLukas Fleischer1-8/+27
The tables on the dashboard always show the 50 most recent packages, ordered by last update. Do not make the table headers of these tables clickable. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-04Add dashboardLukas Fleischer1-3/+4
For logged in users, the home page is replaced with an overview of the packages the user maintains or co-maintains. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-04pkg_search_results.php: Split out package results boxLukas Fleischer1-88/+86
Do not print the wrapper div container when calling pkg_search_page(). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-04Refactor pkg_search_page()Lukas Fleischer1-2/+6
* Pass search parameters using an associative array instead of $_GET. * Add a boolean parameter to enable and disable headers/footers. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-28Implement co-maintainer searchLukas Fleischer1-0/+1
Add an option to filter package search results by co-maintainer. Partly fixes FS#45591. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-23Show co-maintainers SSH clone URL on package base pageMark Weiman1-1/+1
On package base pages, if a co-maintainer visits, only the read-only URL is displayed which is inconsistent with how the individual packages of a package base's pages displays them. This adds the SSH clone URL to the package base's page for co-maintainers to see. Implements FS#52675. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20Add user set timezonesMark Weiman9-16/+31
Currently, aurweb displays all dates and times in UTC time. This patch adds a capability for each logged in user to set their preferred timezone. Implements FS#48729. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-17Do not show current day if registration date is unknownLukas Fleischer1-0/+4
The registration date field on the account details page currently defaults to the current day if the user's registration date is unknown. To avoid confusion, show "unknown" in these cases instead. Fixes FS#51405. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-08-14Add details link from account edit formJohannes Löthberg1-0/+1
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-08-14Display registration date on account details pageJohannes Löthberg1-0/+4
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-07-24Fix plural stringSafa AlFulaij1-1/+1
Even though the singular form never occurs, we need to use _n() here to obtain the correct behavior for languages with multiple plural forms. Signed-off-by: Safa AlFulaij <safa1996alfulaij@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-07-23Remove wearout factor from translatable stringLukas Fleischer1-1/+1
Even though that number is hardcoded in the source code, it is better to make it not appear in the message catalog such that it can be made configurable easily later. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-06-26Add hard limit for the length of dependency listsLukas Fleischer1-2/+3
Introduce a configuration option max_depends which can be used to specify a maximum number of (reverse) dependencies to display on the package details pages. Fixes FS#49059. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-06-25Make request type hints translatableLukas Fleischer1-3/+3
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-06-25Linkify user homepage URLsJohannes Löthberg1-1/+1
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-06-08Add a homepage field to accountsLukas Fleischer2-0/+9
Allow users to add a link to their homepage to their profile. Implements FS#22774. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>