- 24 Sep, 2012 2 commits
-
-
Lukas Fleischer authored
* Use "<label>"/"</label>" for form labels.
* Use "<strong>"/"</strong>" for important text.
* Use "<h4>"/"</h4>" for headings.
* Drop "<b>"/"</b>" everywhere else.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Replace all occurrences of "<?php echo" and "<?php print" by "<?=" to reduce noise in templates. Note that as of PHP 5.4.0, "<?=" is always available and no longer requires "short_open_tag" to be set.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 23 Aug, 2012 2 commits
-
-
canyonknight authored
Packages can currently be submitted with variables longer than the maximum allowed by the DB for that specific field. The string will be shortened without informing the user. This can result in unexpected oddities on submitted packages. Print error messages informing the user when the package name, URL, description, license, or version is too long. Also move the resolution of full package version (including epoch) to an earlier point in pkgsubmit.php.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
Logged out users who navigate to /submit currently reach a page with only an error message. This adds the full navigation bar for users who errantly reach /submit before logging in.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 15 Jul, 2012 3 commits
-
-
Lukas Fleischer authored
Regression introduced in f3ce74c7 when resolving conflicts.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Extend the routing front/back ends to allow for using "/package/$pkgname/" for individual packages.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Use virtual paths in links (e.g. link to "/packages/" instead of "/packages.php" etc.) if the virtual path feature is enabled.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 14 Jul, 2012 1 commit
-
-
canyonknight authored
A foreach() being run without checking to see if the uploaded PKGBUILD had any sources now no longer causes an undefined index notice when there are no sources.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 11 Jul, 2012 1 commit
-
-
canyonknight authored
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 06 Jul, 2012 4 commits
-
-
canyonknight authored
* Currently, $_FILES showing a filesize of zero is interpreted as no file was uploaded, despite other errors potentially being the cause.
* The $_FILES superglobal stores what the actual error was, so use it. This includes file write problems, empty uploads, partial uploads, and upload_max_filesize being exceeded.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
* Move DB code in pkgsubmit.php to new functions in aur.inc.php and pkgfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
* Adjust style to match the overall layout.
* Use proper HTML tags and double quotes.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: canyonknight <canyonknight@gmail.com>
-
Lukas Fleischer authored
Using a div container to format heading is ridiculous. Use "<h2></h2>" instead.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: canyonknight <canyonknight@gmail.com>
-
- 24 Jun, 2012 1 commit
-
-
canyonknight authored
Specially crafted pages can force authenticated users to unknowingly perform actions on the AUR website despite being on an attacker's website. This cross-site request forgery (CSRF) vulnerability applies to all POST data on the AUR.
Implement a token system using a double submit cookie. Have a hidden form value on every page containing POST forms. Use the newly added check_token() to verify the token sent via POST matches the "AURSID" cookie value. Random nature of the token limits potential for CSRF.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 19 Mar, 2012 1 commit
-
-
Lukas Fleischer authored
* Reorder checks.
* Use simple string functions instead of regular expressions.
* Check for type flags before validating paths.
The latter ensures we don't treat tarball keywords/flags as directories. This avoids problems with bsdtar inserting PaxHeader attributes into the archive which look something like the following to Archive_Tar:
    PaxHeader/xcursor-protozoa
    xcursor-protozoa/
    xcursor-protozoa/PaxHeader/PKGBUILD
    xcursor-protozoa/PKGBUILD
This only occurs on certain filesystems (e.g. jfs), but the tarball is by no means invalid. When extracted, it will only contain the PKGBUILD within a single subdirectory.
Addresses FS#28802.
Thanks-to: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 25 Oct, 2011 1 commit
-
-
Lukas Fleischer authored
Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Conflicts: web/lib/aur.inc.php
-
- 24 Oct, 2011 2 commits
-
-
Lukas Fleischer authored
Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Dan McGee authored
Replacing with CSS styles where appropriate. A previously unused CSS style is tweaked in the stylesheet to match most of what was done via non-CSS styling.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 05 Sep, 2011 1 commit
-
-
Lukas Fleischer authored
Do not move the package to the incoming package directory and fail to create proper database entries if some AUR upload helper doesn't provide a category. We got several failing constraints here, such as:
    Cannot add or update a child row: a foreign key constraint fails (`AUR`.`Packages`, CONSTRAINT `Packages_ibfk_1` FOREIGN KEY (`CategoryID`) REFERENCES `PackageCategories` (`ID`) ON DELETE NO ACTION)
Instead, default to "1" (which is "none", or "keep category" for existing packages) if no category is supplied.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 20 Aug, 2011 1 commit
-
-
Lukas Fleischer authored
Use the standard string type specifier instead of "%h" in format strings. Both specifiers are treated equally in __() so we shouldn't break anything here. This also allows us to replace the hacky substitution algorithm in __() by vsprintf().
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 11 Aug, 2011 2 commits
-
-
Dan McGee authored
Add BEGIN and COMMIT statements where it makes sense to do so. This allows the entire package creation or update process to be atomic and not be seen until it is complete.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Describe what this function actually does: Return the ID of a package with a given name and return NULL if such a package doesn't exist. The function name is chosen in a fashion similar to other functions from "pkgfuncs.inc.php" (pkgname_from_id(), pkgnotify_from_sid(), ...).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 10 Aug, 2011 1 commit
-
-
Dan McGee authored
This implements the following scheme:
* /packages/cower/ --> /packages/co/cower/
* /packages/j/ --> /packages/j/j/
* /packages/zqy/ --> /packages/zq/zqy/
We take up to the first two characters of each package name as an intermediate subdirectory, and then the full package name lives underneath that. Shorter named packages live in a single letter directory.
Why, you ask? Well because earlier today the AUR hit 32,000 entries in the unsupported/ directory, making new package uploads impossible. While some might argue we shouldn't have so many damn packages in the repos, we should be able to handle this case.
Why two characters instead of one? Our two biggest two-char groups, 'pe' and 'py', both start with 'p', and have nearly 2000 packages each. Go Python and Perl.
Still needed is a "move the existing data" script, as well as a set of rewrite rules for those wishing to preserve backward compatible URLs for any helper programs doing the wrong thing and relying on them.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 29 Jul, 2011 1 commit
-
-
Lukas Fleischer authored
Do not try to insert a falsey value into the database in case of "depends=()".
Signed-off-by: Manuel <manutortosa@chakra-project.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 28 Jun, 2011 1 commit
-
-
Lukas Fleischer authored
Do not use split(), which has been deprecated as of PHP 5.3.0. As we don't even require regular expressions here, just use explode() instead.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 25 Jun, 2011 1 commit
-
-
Slavi Pantaleev authored
The epoch field in PKGBUILD files was completely ignored until now, and the final Version field for a package consisted only of pkgver and pkgrel (example: 5.0-1).
This means that rpc.php reported the version incorrectly for packages having epoch > 0. One case where this was a problem is that it confused AUR helpers wanting to examine all locally installed packages (with epoch > 0) and search the AUR for an updated version.
The epoch field is taken into consideration now, and if not 0, will be prepended to the final Version field (example: 1:5.0-1).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 22 Jun, 2011 1 commit
-
-
elij authored
Lukas: Add note to "UPGRADING".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 27 Apr, 2011 1 commit
-
-
Dan McGee authored
Ensure we are not quoting these values in any of our SQL queries.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 24 Apr, 2011 2 commits
-
-
Lukas Fleischer authored
Prevent race conditions that may occur when either the session or the user is deleted before we extract the actual user identifier.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
uid_from_sid() is called once at the very beginning of the script, storing the actual user identifier in "$uid". No need to fire up another query.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 05 Apr, 2011 1 commit
-
-
Lukas Fleischer authored
We removed the code depending on this a long time ago - drop it and add some note to "UPGRADING".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 03 Apr, 2011 3 commits
-
-
Dan McGee authored
Instead, we just store dependencies directly in the PackageDepends table. Since we don't use this info anywhere besides the package details page, there is little value in precalculating what is in the AUR vs. what is not.
An upgrade path is provided via several SQL statements in the UPGRADING document.
There should be no user-visible change from this, but the DB schema gets a bit more sane and we no longer have loads of junk packages in our tables that are never shown to the end user. This should also help the MySQL query planner in several cases as we no longer have to be careful to exclude dummy packages on every query.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Dan McGee authored
Set it equal to the SubmittedTS field, which will be our indication the package is new when we show the logo on the front page of the AUR. This results in the ability to remove the use of the unindexable GREATEST() function from the AUR code everywhere we had to use it before to handle the 0 timestamp case.
Note that there is no race condition here in calling UNIX_TIMESTAMP() twice- it always returns the time at the beginning of statement execution:
    mysql> select unix_timestamp(), sleep(2), unix_timestamp();
    +------------------+----------+------------------+
    | unix_timestamp() | sleep(2) | unix_timestamp() |
    +------------------+----------+------------------+
    |       1300851746 |        0 |       1300851746 |
    +------------------+----------+------------------+
    1 row in set (2.00 sec)
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Dan McGee authored
We had a ton of duplicate code shared between the insert and update cases. Do a refactor so we can pull this stuff out below the if/else block and only need it there once, saving some headaches.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 30 Mar, 2011 4 commits
-
-
Lukas Fleischer authored
Reject tarballs containing more than one directory or files outside a directory.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
end() expects a reference but we pass a function return value here. Using list() is a bit hacky as well as it expects a 0-based array whereas unpack() returns a 1-based array - thus we use "list(, $foo)".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
This is quite hacky but this way we can ensure users get comprehensible error messages when trying to upload ".tar.xz" or ".tar.bz2" files.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 27 Feb, 2011 1 commit
-
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- 25 Feb, 2011 1 commit
-
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-