- Nov 07, 2012
-
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- Nov 06, 2012
-
-
canyonknight authored
Package names and dep conditions can be specially crafted for an XSS attack. Properly sanitize these variables on the package details page. In addition, avoid including dep conditions as part of a package link. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- Nov 04, 2012
-
-
Lukas Fleischer authored
Use the routing library to build proper URIs instead of relying on the "REQUEST_URI" server variable which can be manipulated and might return bogus URIs. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Both get_pkg_uri() and get_user_uri() should always return root-relative URLs -- do not prepend another "/". Fixes FS#32460. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Make sure we always return root-relative URIs in get_pkg_uri() and in get_user_uri() and prepend a slash ("/") if the virtual URL feature is disabled. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Display a special error message if the package is identified as split package. Currently, the AUR displays a very vague error message when a split package is submitted ("Invalid name: only lowercase letters are allowed"). This often caused confusion among package submitters, see FS#22834 and FS#32450. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Fixes FS#32455. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Fixes FS#32449. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Commit 091c2b5f introduced lower casing to the language drop-down list. Revert this and use htmlspecialchars() to escape language entries instead. Addresses FS#32453. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
The Archive_Tar PEAR module is no longer needed as of commit acdf9a85. Remove the associated upgrading instruction. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- Oct 30, 2012
-
-
Lukas Fleischer authored
Display an error page and return a 404 status code in the following cases: * An invalid package name is passed to the "packages" action. * An invalid user name is passed to the "account" action. * An invalid package action is passed. * An invalid account action is passed. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- Oct 29, 2012
-
-
canyonknight authored
Users are able to upload tarballs without a directory. The directory count for a tarball is available, so use it to display an error when there is not a single directory. This patch has no effect on users who generate their uploaded tarballs using makepkg. All other users must include a directory in their tarball. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- Oct 28, 2012
-
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Word-wrap labels in the package statistics box, just as we wrap package names in the "Recent Updates" box. Addresses FS#32160. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- Oct 27, 2012
-
-
canyonknight authored
Some AUR setups do not have PEAR available. While other setups have access to outdated Archive_Tar versions. Avoid these problems completely by including the necessary files for Archive_Tar in lib/. Remove Archive_Tar requirement from INSTALL doc. Signed-off-by: canyonknight <canyonknight@gmail.com>
-
- Oct 22, 2012
-
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
With no limit to the number of results, memory_limit set to 32M can easily be exceeded for searches that have a large number of results. This results in an HTTP error 500 for those queries. Limit results to an amount set within config.inc.php to avoid exceeding memory_limit. Introduce new JSON error code for when the result limit is hit. Fixes FS#31849 Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Dan McGee authored
The main site, wiki, and BBS are using HTTPS exclusively, so link directly to the correct protocol rather than forcing a redirect. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- Oct 21, 2012
-
-
Lukas Fleischer authored
Change the login link so that it points directly to the HTTPs version of the login page if "$DISABLE_HTTP_LOGIN" is set and if HTTP is used. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- Oct 20, 2012
-
-
canyonknight authored
* Add missing <p> tag * Move <h4> outside of a <p> tag * Rename an id to avoid a conflict with an already existing id Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
Replace incorrect </td> tags with </th> tags Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
* Add </option> close tags * Add VI delimiter to selected option * Add quotes to language codes Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Give user feedback instead of bailing out with an empty HTTP response body. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- Oct 14, 2012
-
-
Lukas Fleischer authored
Highlight the version number of out-of-date packages on the package search results page using the "flagged" class from archweb. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
Synchronize the column layout with archweb. This also allows for easily highlighting the version number of out-of-date packages. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- Oct 11, 2012
-
-
canyonknight authored
The delete button is currently on a separate line. Change some logic to allow for the button to be on the same line as poster info. Reported-by: Dave Reisner <d@falconindy.com> Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
Comment box already uses <h2> tag. Additional label is not needed. Also remove label for form submit button. Reported-by: Dave Reisner <d@falconindy.com> Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
Parameters were not correct for a package update operation. Fix regression of 763cbf83 Fixes FS#31868 Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
An array that contains whether the package is blacklisted is being improperly used for a comparison. Use fetchColumn() to avoid the array completely and compare a value directly. Regression with e171f6f3 Fixes FS#31867 Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
As all new passwords are hashed and therefore stored in the database at the same length, this limitation is no longer needed. Fixes FS#31855 Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
- Oct 10, 2012
-
-
canyonknight authored
Fixes FS#27669 Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
An ended vote details page will report a user hasn't voted even when they have. This is a result of faulty logic that only checks if a user has voted if the vote is still running. Regression with commit c15441762c6f6ab4438eaf2854c0ee3146a98b30 Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-