Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Package actions now operate on package bases instead of packages. Move
all actions to the correct locations.
This also fixes some issues with comment notifications.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This adds package base details pages, similar to the package details
pages. Each package base details page contains general information
(package base name, category, submitter, maintainer, ...) and links to
all the corresponding packages. As on the package details pages,
comments and links to several package actions are also provided.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Move comments from the Packages table to PackageBases. Sharing comments
makes sense since they almost always refer to a source package.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Replace the table layout with field sets, labels and CSS formatting.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This is only visible to Trusted Users and developers.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This has been introduced by commit aae43d9 (started working on package
comments, 2005-03-05) but it seems to be of no practical use. Remove the
field to save some space.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This allows for removing users without also removing the corresponding
comments. Instead, all comments from deleted users will be displayed as
"Anonymous comment".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
In order to make votes as neutral as possible, current yes/no votes
should not be shown until the voting period is over.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Quorum is a decimal field, so checking "!$quorum" does not work. Use the
number of active TUs instead which is how we already check whether
participation information is available in other places.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This improves the ability to edit a user's account directly through
UI features rather than manually appending 'edit' to the URL or
searching for the account and selecting edit.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Extends changes in 81d4cc13dcae2f159ed937d4ce41e1df7d3c82b0
* Modify getvotes() to use the package name rather than package ID
* Rename getvotes() to votes_for_pkgname() for clarity with new changes
* Modify routing framework and links to now use package names for voters.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Changes adopting/disowning packages to use GET instead of POST
* Uses CSS to make form submit button look like a link
* Complements commit 3bc951e3d87eaf692a7e47cf16a28d838c7cb2bd
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Instead of showing a table with a single "No results found." entry, do
not show the table at all and display the text "No results found." in a
<p></p> container.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
The page this links to allows for adding an item to the list of current
votes. Move the link accordingly.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
We fixed all known CRSF vulnerabilities in commit 2c93f0a (Implement
token system to fix CSRF vulnerabilities, 2012-06-23). c349cb2 (Add
virtual path support for package actions, 2012-07-17) partly reverted
this by injecting a valid CRSF token when virtual paths are in use.
This patch allows for keeping the virtual path feature, while
reintroducing POST forms and CRSF tokens. Actions like package flagging,
votes and notifications are no longer prone to CRSF (see FS#35437 for
details).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Use forms and POST instead of GET for following actions:
* Flagging/Unflagging a package out-of-date
* Voting for a package and removing votes
* Enabling/Disabling notifications
Use CSS to make the submit buttons of these forms look like links.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Do not divide by zero if the number of active TUs is unknown.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
These are navigation links and do not belong to the action box.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This shows a list of all Trusted Users and the vote ID of the last
proposal each of the TUs voted on. This list is sorted by vote ID.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This adds an field that indicates whether the vote was accepted or
rejected, based on the rules specified in the TU Bylaws.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Compute the total number of votes and the participation at the beginning
of the template instead of doing it inside the template itself.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This is calculated by dividing the sum of all votes by the total number
of TUs (where the number of TUs is measured when the vote starts).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This adds a field to the users table and corresponding fields to the
account edit and display forms that allow for setting an (in-)activity
status.
This might turn out to be useful if a user is on vacation and can not
respond to update/orphan/deletion requests.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Remove the password field from the account creation form and always send
a password reset request via e-mail instead. This ensures that only
users with valid e-mail addresses are able to login.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
We used a mixture of account type IDs and account type descriptions on
the account edit page. This resulted in the account type field always
defaulting to "Normal user" after an invalid form had been submitted.
Consistently use account type IDs to avoid this.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Implements FS#33294
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Package names and dep conditions can be specially crafted for an XSS
attack. Properly sanitize these variables on the package details page.
In addition, avoid including dep conditions as part of a package link.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Use the routing library to build proper URIs instead of relying on the
"REQUEST_URI" server variable which can be manipulated and might return
bogus URIs.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Fixes FS#32455.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Fixes FS#32449.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Commit 091c2b5f5523773604699b914c19e6b02ce290bc introduced lower casing
to the language drop-down list. Revert this and use htmlspecialchars()
to escape language entries instead.
Addresses FS#32453.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Word-wrap labels in the package statistics box, just as we wrap package
names in the "Recent Updates" box.
Addresses FS#32160.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
The main site, wiki, and BBS are using HTTPS exclusively, so link
directly to the correct protocol rather than forcing a redirect.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Change the login link so that it points directly to the HTTPs version of
the login page if "$DISABLE_HTTP_LOGIN" is set and if HTTP is used.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Replace incorrect </td> tags with </th> tags
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
* Add </option> close tags
* Add VI delimiter to selected option
* Add quotes to language codes
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Highlight the version number of out-of-date packages on the package
search results page using the "flagged" class from archweb.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Synchronize the column layout with archweb. This also allows for
easily highlighting the version number of out-of-date packages.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
The delete button is currently on a separate line. Change some logic
to allow for the button to be on the same line as poster info.
Reported-by: Dave Reisner <d@falconindy.com>
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|