summaryrefslogtreecommitdiffstats
path: root/web
AgeCommit message (Collapse)AuthorFilesLines
2011-04-27stats: capitalize FROM in all SQL queriesDan McGee1-6/+6
Matches our normal code conventions. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-27SQL: treat all UID/ID values as numbers, not stringsDan McGee4-15/+15
Ensure we are not quoting these values in any of our SQL queries. Thanks-to: elij <elij.mx@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-27SQL: use standard LIMIT/OFFSET syntaxDan McGee4-4/+4
Increases compatibility with standard SQL dialect. Thanks-to: elij <elij.mx@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-24pkgsubmit.php: Ensure the session is linked to a valid user.Lukas Fleischer1-3/+8
Prevent race conditions that may occur when either the session or the user is deleted before we extract the actual user identifier. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-24pkgsubmit.php: Remove redundant uid_from_sid() invocations.Lukas Fleischer1-3/+1
uid_from_sid() is called once at the very beginning of the script, storing the actual user identifier in "$uid". No need to fire up another query. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-20Use HTTPs for links in the main site navigation bar (fixes FS#23832).Lukas Fleischer1-7/+7
Basically just sync with what archweb currently uses, prefixing all relative URLs with "http://www.archlinux.org". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-20Use HTTPs for links in out of date notification mails.Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-19Use HTTPs for links in password reset confirmation mails.Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-19Use HTTPs for links in comment notification mails.Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-19urlencode() query args for main site package search (fixes FS#23774).Lukas Fleischer1-1/+1
There may be characters in package dependencies that are reserved within URLs (e.g. "+"). Use urlencode() to ensure those are encoded correctly. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-16rpc: unify methods return (fixes FS#17597)tuxce1-29/+19
Include maintainer in info and search method. Lukas: Adjustments for "multiinfo" queries. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-16rpc: introduce multiinfo query (fixes FS#17583)Dan McGee2-1/+67
The majority of "real world" info requests [1] come in hefty batches. We would be better served to handle these in one request rather than multiple by allowing AUR clients to send multiple arguments. This enables things like this to work: http://aur.test/rpc.php?type=multiinfo&arg[]=cups-xerox&arg[]=cups-mc2430dl&arg[]=10673 Note to RPC users: unfortunately due to the asinine design of PHP, you unfortunately have to use the 'arg[]' syntax if you want more than one query argument, or you will only get the package satisfying the last arg you pass. [1] Rough data from April 11, 2011, with a total hit count of 1,109,163: 12 /login.php 13 /rpc.php?type=sarch 15 /rpc.php?type=msearch 16 /pingserver.php 16 /rpc.php 22 /logout.php 163 /passreset.php 335 /account.php 530 /pkgsubmit.php 916 /rss2.php 3838 /index.php 6752 /rss.php 9699 / 42478 /rpc.php?type=search 184737 /packages.php 681725 /rpc.php?type=info That means a whopping 61.5% of our requests were for info over the RPC interface; package pages are a distant second at only 16.7%. Lukas: Introduce "multiinfo" query instead of extending "info" (for the sake of backward compatibility). Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-16rpc.php: be a bit more consistent in query buildingDan McGee1-10/+10
Do the implode as the same but separate step each time, and remove indentation where no other query has it. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-16rpc.php overhaulDan McGee1-69/+44
* Mark things static in the class rather than use a constructor every single invocation of the service. * Don't call mysql_real_escape_string() before we even have a database connection, and don't do work in the database if we don't need to. * Formatting consistency fixups in a few places. * Add new process_query() helper function; use this instead of copy-pasted code in all of the RPC method calls. * Remove the escaping code meant to fix FS#15526, introduced in commit 4d1eb4dd7ac631. It broke more than it solved, only fixed the output in one of three RPC calls (and who knows what the web interface then also does), and proper encoding should be done at the database level rather than up here. Lukas: Add special case for "info" queries to process_query() (return a single result instead of an array of results here). Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-13Don't allow dl() of json moduleDan McGee1-4/+0
You need this enabled for the AUR, period. No need for this BS. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-13Pass array_map() callback function properly.Lukas Fleischer1-1/+1
PHP requires callback functions to be passed as strings. Fix this to supress PHP notices. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-13Remove "New Package Notify" option from user account settings.Lukas Fleischer2-31/+10
Do this in preparation for the upcoming notification script removal. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-10Remove comment on translation helpers from "web/lib/translator.inc".Lukas Fleischer1-9/+0
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-10Remove "web/lang/".Lukas Fleischer22-10660/+0
Those legacy ".po" files and translation helpers are no longer needed as we moved to gettext compatible portable objects. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-10Replace translation engine with php-gettext.Lukas Fleischer2-14/+10
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-10Add php-gettext libraries to "web/lib/".Lukas Fleischer2-0/+599
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-10Add dummy "web/locale/" directory.Lukas Fleischer1-0/+6
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-10Remove newline in "web/lang/sr.po".Lukas Fleischer1-2/+1
Do this in preparation for converting exisiting translation files into gettext compatible ones. Newlines will he hard to match by a conversion script. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-10Release 1.8.2.1.8.2Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-07Fix French translation.Cédric Girard1-43/+43
* Translation of "notify" has been changed to the literal translation "notifier" which seems more appropriate (cf. recent thread on AUR-general) * Uniformization of the translation of "flag" * Addition of "TU" besides the translation of Trusted User as user may not understand that Trusted User and "Utilisateur de confiance" are the same thing * Some capitalization correction (in French you don't put capital letters in the middle of a sentence as you do eg for title in English). * "unsupported" translation has been replaced by "unsupported" (with quotes) as it makes no sense to translate it * "Safe" translation has been replaced by "sûr" has it seems more appropriate than "sain" (sane) Lukas: Added translator to "AUTHORS". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-06Merge branch 'wip'Lukas Fleischer1-1/+112
2011-04-06Update the german translationWieland Hoffmann1-1/+112
Lukas: Added missing translations strings. Added translator to "AUTHORS". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-06Make "Exact name" search option translatable.Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-06Add option to search for exact name matches only (fixes FS#23556).Lukas Fleischer2-2/+7
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-05Initialize "$name" in pkgname_from_id().Lukas Fleischer1-2/+1
Ensures "$name" is always initialized, even if the package doesn't exist. Fixes PHP warnings appearing when retrieving package details of a package with an invalid ID. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-05Remove File_Find PEAR module from code base.Lukas Fleischer3-490/+4
We removed the code depending on this a long time ago - drop it and add some note to "UPGRADING". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-04Fix PHP warning when browsing a non-existent package.Lukas Fleischer1-4/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-03Add more stats to the front page tableDan McGee2-4/+34
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-03Add indentation to stats tableDan McGee1-30/+19
Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-03Remove Dummy Package conceptDan McGee7-79/+27
Instead, we just store dependencies directly in the PackageDepends table. Since we don't use this info anywhere besides the package details page, there is little value in precalculating what is in the AUR vs. what is not. An upgrade path is provided via several SQL statements in the UPGRADING document. There should be no user-visible change from this, but the DB schema gets a bit more sane and we no longer have loads of junk packages in our tables that are never shown to the end user. This should also help the MySQL query planner in several cases as we no longer have to be careful to exclude dummy packages on every query. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-03Always set ModifiedTS including new packagesDan McGee4-9/+6
Set it equal to the SubmittedTS field, which will be our indication the package is new when we show the logo on the front page of the AUR. This results in the ability to remove the use of the unindexable GREATEST() function from the AUR code everywhere we had to use it before to handle the 0 timestamp case. Note that there is no race condition here in calling UNIX_TIMESTAMP() twice- it always returns the time at the beginning of statment execution: mysql> select unix_timestamp(), sleep(2), unix_timestamp(); +------------------+----------+------------------+ | unix_timestamp() | sleep(2) | unix_timestamp() | +------------------+----------+------------------+ | 1300851746 | 0 | 1300851746 | +------------------+----------+------------------+ 1 row in set (2.00 sec) Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-04-03Submission process code refactorDan McGee1-61/+35
We had a ton of duplicate code shared between the insert and update cases. Do a refactor so we can pull this stuff out below the if/else block and only need it there once, saving some headaches. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30Be more restrictive with source tarball contents.Lukas Fleischer1-2/+13
Reject tarballs containing more than one directory or files outside a directory. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30Fix XSS vulnerability in "web/template/header.php".Lukas Fleischer1-2/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30Fix PHP notice when submitting an empty file.Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30Fix strict standards warnings in "web/html/pkgsubmit.php".Lukas Fleischer1-2/+2
end() expects a reference but we pass a function return value here. Using list() is a bit hacky as well as it expects a 0-based array whereas unpack() returns a 1-based array - thus we use "list(, $foo)". Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30Check if submitted files are in GZIP format.Lukas Fleischer1-2/+16
This is quite hacky but this way we can ensure users get comprehensible error messages when trying to upload ".tar.xz" or ".tar.bz2" files. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30Fix XSS vulnerabilities in "web/html/voters.php".Lukas Fleischer1-2/+2
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30Fix PHP undefined notice in "web/html/packages.php".Lukas Fleischer1-1/+6
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-30Fix XSS vulnerabilities in package comment templates.Lukas Fleischer2-3/+3
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-24Bump up default per-page value to 50Dan McGee2-7/+7
25 is woefully small for the number of packages many searches can return, and with 28000+ packages in AUR, it makes sense to show a lot more per page by default. The new choices of (50, 100, 250) happen to match those from the main site. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-15Fix main site package search URLDan McGee1-2/+2
I've been wanting to kill this one for a long time. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-12Fix searching for orphans with "$LANG != 'en'" (fixes FS#23252).Lukas Fleischer1-1/+1
Regression introduced in commit ef8fab0c. Removed the strict check again instead of wrapping it in __() to ensure search URLs are language independent. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-11Fix XSS vulnerability in package search results and package details.Lukas Fleischer2-10/+10
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2011-03-11Fix broken XHTML.Lukas Fleischer14-154/+170
Fix a lot of invalid XHTML in the templates and actions. There might still be some legacy code left, but this should cover most of it. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>