summaryrefslogtreecommitdiffstats
path: root/web
AgeCommit message (Expand)AuthorFilesLines
2012-06-24Implement token system to fix CSRF vulnerabilitiescanyonknight13-46/+82
2012-03-09Release 1.9.1v1.9.1Lukas Fleischer1-1/+1
2012-03-09Replace "nb_NO" translation by "nb"Lukas Fleischer1-1/+1
2012-03-09Replace "pt" translation by "pt_PT"Lukas Fleischer1-1/+1
2012-02-19Escape all output strings in the header and footerLukas Fleischer2-4/+4
2012-02-19Fix some more XSS vulnerabilitiesLukas Fleischer3-3/+3
2011-10-25Escape wildcards in "LIKE" patternsLukas Fleischer4-13/+15
2011-10-25Wrap mysql_real_escape_string() in a functionLukas Fleischer12-61/+67
2011-09-05web/template/login_form.php: Escape the request URILukas Fleischer1-1/+1
2011-09-05web/html/pkgsubmit.php: Deal with unset category IDLukas Fleischer1-3/+15
2011-09-05Link to current page in the login bar HTTPs linkLukas Fleischer1-2/+2
2011-08-22RPC: Fix info queries when using package IDsLukas Fleischer1-1/+1
2011-08-22Add missing __() to category info in package detailsLukas Fleischer1-3/+3
2011-08-20Release 1.9.0v1.9.0Lukas Fleischer1-1/+1
2011-08-20Replace "el_GR" translation by "el"Lukas Fleischer1-1/+1
2011-08-20Add Portuguese (Brazilian) translationLukas Fleischer1-0/+1
2011-08-13Add Finnish and Dutch translationsLukas Fleischer1-0/+2
2011-08-12Use secure and httponly session cookiesLukas Fleischer3-4/+4
2011-08-11Add a configuration setting to disallow HTTP loginLukas Fleischer3-3/+17
2011-08-11Remove unnecessary atype and uid lookup from package_details()Dan McGee2-3/+2
2011-08-11Use 'true' instead of 'True' everywhereDan McGee2-9/+9
2011-08-11Make package creation and update atomicDan McGee1-1/+5
2011-08-11pkgfuncs.inc.php: allow all DB funcs to take handle argDan McGee1-61/+102
2011-08-11aur.inc.php: allow all functions using DB to take handle as argDan McGee1-25/+49
2011-08-11Allow for merging deleted packages into existing onesLukas Fleischer3-2/+18
2011-08-11Add "mergepkgid" argument to pkg_delete()Lukas Fleischer1-1/+30
2011-08-11Rename package_exists() to pkgid_from_name()Lukas Fleischer2-3/+3
2011-08-10Segment the upload directory by package name prefixDan McGee3-5/+6
2011-08-10Allow SQL_DEBUG to be undefinedDan McGee1-1/+1
2011-07-29Fix empty depends database insertLukas Fleischer1-11/+16
2011-06-28Replace split() invocations with explode()Lukas Fleischer1-1/+1
2011-06-25Simplify session ID generationLukas Fleischer1-10/+1
2011-06-25Stricter email address validationLukas Fleischer1-1/+1
2011-06-25Honor epoch field in PKGBUILD files.Slavi Pantaleev1-6/+10
2011-06-25fix incompatibility with php short open tagsFlorian Pritz2-5/+1
2011-06-25README: fix pacman callFlorian Pritz1-1/+1
2011-06-25Use sane ORDER BY clauses in package list queriesDan McGee1-4/+4
2011-06-22Do not redirect on single search resultsLukas Fleischer1-29/+22
2011-06-22Make cache type selectable based on config valueelij3-46/+92
2011-06-22rename *.inc files to *.inc.php and adjust imports and referenceselij21-32/+32
2011-06-22make rss.php use the apc cache instead of a cache fileelij1-5/+13
2011-06-22refactor apc code and move to aur.incelij2-55/+66
2011-05-29Cleanup RPC usage output a bitLukas Fleischer1-15/+11
2011-05-29Properly encode ampersands in the RPC usage outputLukas Fleischer1-2/+2
2011-05-29fix two issues (php notice level) with html/rss.phpelij1-1/+3
2011-05-29restructure the html/rpc.php endpointelij1-28/+33
2011-05-17add first submitted and last modified to rpc outputkachelaqa1-1/+2
2011-05-17add support for etag and conditional get (if-none-match)elij1-1/+29
2011-05-17fix case where user does not existelij1-0/+3
2011-05-17test return value from db_query before assuming it is validelij7-68/+135