- 06 Jul, 2012 7 commits
-
-
canyonknight authored
There is no reason the MaintainerUID can't be treated as a string within this script. By changing to a string an "if" statement can be eliminated. Signed-off-by:
canyonknight <canyonknight@gmail.com> Signed-off-by:
Lukas Fleischer <archlinux@cryptocrack.de>
-
canyonknight authored
Signed-off-by:
-
canyonknight authored
* Exit with an error if fortune command isn't found * No reason to enforce the "-l" option from the fortune command Signed-off-by:
-
canyonknight authored
* Remove outdated information * Give a brief synopsis of what the web visible PHP files do Signed-off-by:
-
canyonknight authored
Old README file is severely outdated, update with current information. Signed-off-by:
-
canyonknight authored
Move documentation related to installation to a separate INSTALL file. Signed-off-by:
-
Lukas Fleischer authored
This allows for getting the package names of multiple packages at once, without having to iterate over them and making one DB query per package. pkgname_from_id() now accepts both integer arrays and single integers (backwards compatibility mode). Signed-off-by:
-
- 31 May, 2012 1 commit
-
-
Dario Giovannetti authoredSigned-off-by:
-
- 06 May, 2012 2 commits
-
-
Lukas Fleischer authored
Retrieve the package ID early and merge the if-branches calling package_details(). Signed-off-by: -
Dan McGee authored
Rather than looking up by username, it makes more sense to look the stats up by user ID to reduce the number of needed joins. Signed-off-by:
Dan McGee <dan@archlinux.org> Signed-off-by:
-
- 24 Mar, 2012 4 commits
-
-
Lukas Fleischer authored
Addresses FS#9582 and FS#21600. Signed-off-by: -
Lukas Fleischer authored
This is more user-friendly than supporting package IDs only and can be used as a basis to support direct links to AUR packages in places where links are computer-produced (e.g. Wiki templates). Addresses FS#21600 and FS#28839. Signed-off-by: -
Lukas Fleischer authored
Always put the opening brace on the same line as the beginning of the function declaration. Signed-off-by: -
Lukas Fleischer authored
This is handy for verifying the PGP key of new Trusted Users. Also, this could potentially used as a basis to allow signed package uploads in the future. Implements FS#29028. Signed-off-by:
-
- 21 Mar, 2012 1 commit
-
-
BlackEagle authored
this can be used as an intermediate 'patch' util there is a validation system in place. the extra check is to verify that the domain part of a correctly formatted email address is existing and in use. this will not at all stop spammers since they can use bogus emails with valid domain parts Lukas: Minor formatting changes. Signed-off-by:
-
- 19 Mar, 2012 1 commit
-
-
Lukas Fleischer authored
* Reorder checks. * Use simple string functions instead of regular expressions. * Check for type flags before validating paths. The latter ensures we don't treat tarball keywords/flags as directories. This avoids problems with bsdtar inserting PaxHeader attributes into the archive which look something like the following to Archive_Tar: PaxHeader/xcursor-protozoa xcursor-protozoa/ xcursor-protozoa/PaxHeader/PKGBUILD xcursor-protozoa/PKGBUILD This only occurs on certain filesystems (e.g. jfs), but the tarball is by no means invalid. When extracted, it will only contain the PKGBUILD within a single subdirectory. Addresses FS#28802. Thanks-to: Dave Reisner <dreisner@archlinux.org> Signed-off-by:
-
- 09 Mar, 2012 6 commits
-
-
Lukas Fleischer authored
Conflicts: UPGRADING web/lib/config.inc.php.proto
-
Lukas Fleischer authored
Signed-off-by: -
Lukas Fleischer authored
Signed-off-by: -
Lukas Fleischer authored
This one is not a specific dialect, so "nb" (Norwegian Bokmål) is the better name to use here. Thanks-to: Alexander Rødseth <rodseth@gmail.com> Signed-off-by: -
Lukas Fleischer authored
This makes the difference between Portuguese (Brazil) and Portuguese (Portugal) a bit clearer. Also, "pt_PT" is way more up to date than "pt". Signed-off-by: -
Lukas Fleischer authored
Signed-off-by:
-
- 08 Mar, 2012 1 commit
-
-
Lukas Fleischer authored
Use "undisclosed-recipients: ;" when sending mass notifications (such as comment notifications and the like. Addresses FS#28229. Signed-off-by:
-
- 19 Feb, 2012 3 commits
-
-
Lukas Fleischer authored
-
Lukas Fleischer authored
Escape each output string using htmlspecialchars(). These aren't exploitable; it's still better to escape them properly. Signed-off-by: -
Lukas Fleischer authored
Escape strings properly using htmlspecialchars(). Seems like we missed these in former cleanups. Fixes FS#28515. Signed-off-by:
-
- 17 Dec, 2011 1 commit
-
-
Andrea Scarpino authored
Signed-off-by:
-
- 03 Nov, 2011 1 commit
-
-
Lukas Fleischer authored
Return an empty array and set the result count to zero instead. Before: $ curl 'http://localhost/rpc.php?type=search&arg=raboof' {"type":"error","resultcount":0,"results":"No results found"} After: $ curl 'http://localhost/rpc.php?type=search&arg=raboof ' {"type":"search","resultcount":0,"results":[]} Signed-off-by:
-
- 02 Nov, 2011 3 commits
-
-
Dave Reisner authored
We already ask for the result count, but only use it as a basis for testing query success or failure. Add the value to the JSON reply. Signed-off-by:
Dave Reisner <dreisner@archlinux.org> Signed-off-by:
-
Alexander Rødseth authored
Signed-off-by:
Alexander Rødseth <rodseth@gmail.com> Signed-off-by:
-
Dan McGee authored
This should be set to something like 'http://localhost' for development or 'https://aur.archlinux.org ' in production. It ensures all links in the site stay in the development site and there is no sudden jump from development to production environments. Signed-off-by:
-
- 25 Oct, 2011 3 commits
-
-
Lukas Fleischer authored
-
Lukas Fleischer authored
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE". Write a wrapper function db_escape_like() and use it where appropriate. Note that we already fixed this for the RPC interface in commit da2ebb66 but missed the other places. This patch should fix all remaining flaws reported in FS#26527. Signed-off-by: -
Lukas Fleischer authored
Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago. Thanks-to: elij <elij.mx@gmail.com> Signed-off-by:
-
- 24 Oct, 2011 6 commits
-
-
Lukas Fleischer authored
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE". Write a wrapper function db_escape_like() and use it where appropriate. Note that we already fixed this for the RPC interface in commit da2ebb66 but missed the other places. This patch should fix all remaining flaws reported in FS#26527. Signed-off-by: -
Lukas Fleischer authored
Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago. Thanks-to: elij <elij.mx@gmail.com> Signed-off-by: -
Florian Pritz authoredSigned-off-by:
Florian Pritz <bluewind@xinu.at>
Signed-off-by: -
Dan McGee authored
We already show it in the account listing page as well, so we should show it here too. Also use a standard date format; we weren't using this non-punctuated format anywhere else. Signed-off-by:
-
Dan McGee authored
Signed-off-by:
-
Dan McGee authored
This affects login the most, where we save about 4 calls to db_connect() by passing a single handle into functions where necessary. Signed-off-by:
-
