1. 15 Jul, 2014 1 commit
  2. 01 Jul, 2014 1 commit
  3. 05 Jun, 2014 1 commit
  4. 29 May, 2014 1 commit
  5. 03 May, 2014 1 commit
    • Fix parsing of array overrides · 782e9eb1
      Lukas Fleischer authored

      If a depends (makedepends, checkdepends, optdepends, conflicts,
      provides, replaces, license, groups, source) line appears in a package
      section, it replaces the corresponding array from the pkgbase section.
      If there is a single "depends = " line in the package section, the
      depends array of that package is considered empty.
      
      This partly reverts the behavior introduced in commit 137a9ae (Fix
      parsing of array overrides, 2014-05-03).
      
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
  6. 19 Apr, 2014 1 commit
  7. 05 Apr, 2014 2 commits
    • Do not allow for overwriting arbitrary packages · 8921e4de
      Lukas Fleischer authored

      A package should only be overwritten if it already belongs to the
      package base that is trying to overwrite it.
      
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
    • Add provisional support for package bases · b7941073
      Lukas Fleischer authored

      This adds a PackageBases table to the database schema and moves the
      following fields from the Packages table to PackageBases:
      
      * CategoryID
      * NumVotes
      * OutOfDateTS
      * SubmittedTS
      * ModifiedTS
      * SubmitterUID
      * MaintainerUID
      
      It also fixes all database accesses to comply with the new layout.
      
      Having a separate PackageBases table is the first step to split package
      support. By now, we create one PackageBases entry per package (where the
      package base has the same name as the corresponding package). When
      adding full support for split packages later, the package base name will
      be derived from the pkgbase variable and a single package base will be
      shared amongst all packages built from one source package.
      
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
  8. 10 Feb, 2013 4 commits
  9. 30 Jan, 2013 1 commit
  10. 19 Jan, 2013 2 commits
  11. 21 Oct, 2012 1 commit
  12. 24 Sep, 2012 1 commit
  13. 20 Sep, 2012 1 commit
  14. 17 Sep, 2012 1 commit
    • Migrate all DB code to use PDO · e171f6f3
      canyonknight authored

      All DB code currently uses the quickly aging mysql_* functions. These
      functions are strongly discouraged and may eventually be deprecated.
      
      Transition all code to utilize the PDO data access abstraction layer. PDO
      allows for consistent query code across multiple databases. This could
      potentially allow for someone to use a database other than MySQL with
      minimal code changes.
      
      All functions and behaviors are reproduced as faithfully as possible with
      PDO equivalents and some changes in code.
      
      Signed-off-by: canyonknight <canyonknight@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
  15. 17 Jul, 2012 1 commit
  16. 14 Jul, 2012 1 commit
  17. 06 Jul, 2012 4 commits
  18. 24 Jun, 2012 1 commit
    • Implement token system to fix CSRF vulnerabilities · 2c93f0a9
      canyonknight authored

      Specially crafted pages can force authenticated users to unknowingly perform
      actions on the AUR website despite being on an attacker's website. This
      cross-site request forgery (CSRF) vulnerability applies to all POST data on
      the AUR.
      
      Implement a token system using a double submit cookie. Have a hidden form
      value on every page containing POST forms. Use the newly added check_token() to
      verify the token sent via POST matches the "AURSID" cookie value. Random
      nature of the token limits potential for CSRF.
      
      Signed-off-by: canyonknight <canyonknight@gmail.com>
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
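
The double submit cookie check described in the commit message above, as an added example that is not the AUR code. The function names `token_field_example()` and `check_token_example()` and the `token` field name are hypothetical; only the `AURSID` cookie name comes from the page.

```php
<?php
// Added example, not the AUR implementation. The function names and the
// "token" form field name are hypothetical; "AURSID" is the cookie named above.

// Render the hidden field that every POST form carries.
function token_field_example(array $cookie): string
{
    $sid = $cookie['AURSID'] ?? '';
    return '<input type="hidden" name="token" value="'
        . htmlspecialchars(is_string($sid) ? $sid : '', ENT_QUOTES, 'UTF-8') . '" />';
}

// Accept a POST only if its token equals the session cookie value.
function check_token_example(array $post, array $cookie): bool
{
    $sent = $post['token'] ?? null;
    $sid  = $cookie['AURSID'] ?? null;
    // Missing, empty or non-string values never match: without this,
    // an absent field would compare equal to an absent cookie.
    if (!is_string($sent) || !is_string($sid) || $sent === '' || $sid === '') {
        return false;
    }
    // Constant-time comparison of the two secrets.
    return hash_equals($sid, $sent);
}

// Constructed sample requests: [POST data, cookies].
$sid = bin2hex(random_bytes(16));
$cases = [
    'form rendered by the site'  => [['token' => $sid], ['AURSID' => $sid]],
    'cross-site POST, no token'  => [[], ['AURSID' => $sid]],
    'cross-site POST, bad guess' => [['token' => str_repeat('0', 32)], ['AURSID' => $sid]],
    'token and cookie missing'   => [[], []],
    'token sent as array'        => [['token' => [$sid]], ['AURSID' => $sid]],
];
foreach ($cases as $name => [$post, $cookie]) {
    printf("%-28s %s\n", $name, check_token_example($post, $cookie) ? 'accept' : 'reject');
}
```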
  19. 24 Mar, 2012 1 commit
  20. 21 Mar, 2012 1 commit
    • valid_email :: check if domain part is real · 0a1e1729
      BlackEagle authored

      this can be used as an intermediate 'patch' until there is a validation
      system in place.
      
      the extra check is to verify that the domain part of a correctly
      formatted email address is existing and in use. this will not at all
      stop spammers since they can use bogus emails with valid domain parts
      
      Lukas: Minor formatting changes.
      
      Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
  21. 02 Nov, 2011 1 commit
  22. 25 Oct, 2011 2 commits
  23. 24 Oct, 2011 3 commits
  24. 11 Aug, 2011 3 commits
  25. 10 Aug, 2011 1 commit
  26. 25 Jun, 2011 2 commits