- 06 Jul, 2012 2 commits
-
-
canyonknight authored
Move documentation related to installation to a separate INSTALL file. Signed-off-by:
canyonknight <canyonknight@gmail.com> Signed-off-by:
Lukas Fleischer <archlinux@cryptocrack.de>
-
Lukas Fleischer authored
This allows for getting the package names of multiple packages at once, without having to iterate over them and making one DB query per package. pkgname_from_id() now accepts both integer arrays and single integers (backwards compatibility mode). Signed-off-by:
-
- 31 May, 2012 1 commit
-
-
Dario Giovannetti authoredSigned-off-by:
-
- 06 May, 2012 2 commits
-
-
Lukas Fleischer authored
Retrieve the package ID early and merge the if-branches calling package_details(). Signed-off-by: -
Dan McGee authored
Rather than looking up by username, it makes more sense to look the stats up by user ID to reduce the number of needed joins. Signed-off-by:
Dan McGee <dan@archlinux.org> Signed-off-by:
-
- 24 Mar, 2012 4 commits
-
-
Lukas Fleischer authored
Addresses FS#9582 and FS#21600. Signed-off-by: -
Lukas Fleischer authored
This is more user-friendly than supporting package IDs only and can be used as a basis to support direct links to AUR packages in places where links are computer-produced (e.g. Wiki templates). Addresses FS#21600 and FS#28839. Signed-off-by: -
Lukas Fleischer authored
Always put the opening brace on the same line as the beginning of the function declaration. Signed-off-by: -
Lukas Fleischer authored
This is handy for verifying the PGP key of new Trusted Users. Also, this could potentially used as a basis to allow signed package uploads in the future. Implements FS#29028. Signed-off-by:
-
- 21 Mar, 2012 1 commit
-
-
BlackEagle authored
this can be used as an intermediate 'patch' util there is a validation system in place. the extra check is to verify that the domain part of a correctly formatted email address is existing and in use. this will not at all stop spammers since they can use bogus emails with valid domain parts Lukas: Minor formatting changes. Signed-off-by:
-
- 19 Mar, 2012 1 commit
-
-
Lukas Fleischer authored
* Reorder checks. * Use simple string functions instead of regular expressions. * Check for type flags before validating paths. The latter ensures we don't treat tarball keywords/flags as directories. This avoids problems with bsdtar inserting PaxHeader attributes into the archive which look something like the following to Archive_Tar: PaxHeader/xcursor-protozoa xcursor-protozoa/ xcursor-protozoa/PaxHeader/PKGBUILD xcursor-protozoa/PKGBUILD This only occurs on certain filesystems (e.g. jfs), but the tarball is by no means invalid. When extracted, it will only contain the PKGBUILD within a single subdirectory. Addresses FS#28802. Thanks-to: Dave Reisner <dreisner@archlinux.org> Signed-off-by:
-
- 09 Mar, 2012 6 commits
-
-
Lukas Fleischer authored
Conflicts: UPGRADING web/lib/config.inc.php.proto
-
Lukas Fleischer authored
Signed-off-by: -
Lukas Fleischer authored
Signed-off-by: -
Lukas Fleischer authored
This one is not a specific dialect, so "nb" (Norwegian Bokmål) is the better name to use here. Thanks-to: Alexander Rødseth <rodseth@gmail.com> Signed-off-by: -
Lukas Fleischer authored
This makes the difference between Portuguese (Brazil) and Portuguese (Portugal) a bit clearer. Also, "pt_PT" is way more up to date than "pt". Signed-off-by: -
Lukas Fleischer authored
Signed-off-by:
-
- 08 Mar, 2012 1 commit
-
-
Lukas Fleischer authored
Use "undisclosed-recipients: ;" when sending mass notifications (such as comment notifications and the like. Addresses FS#28229. Signed-off-by:
-
- 19 Feb, 2012 3 commits
-
-
Lukas Fleischer authored
-
Lukas Fleischer authored
Escape each output string using htmlspecialchars(). These aren't exploitable; it's still better to escape them properly. Signed-off-by: -
Lukas Fleischer authored
Escape strings properly using htmlspecialchars(). Seems like we missed these in former cleanups. Fixes FS#28515. Signed-off-by:
-
- 17 Dec, 2011 1 commit
-
-
Andrea Scarpino authoredSigned-off-by:
-
- 03 Nov, 2011 1 commit
-
-
Lukas Fleischer authored
Return an empty array and set the result count to zero instead. Before: $ curl 'http://localhost/rpc.php?type=search&arg=raboof' {"type":"error","resultcount":0,"results":"No results found"} After: $ curl 'http://localhost/rpc.php?type=search&arg=raboof ' {"type":"search","resultcount":0,"results":[]} Signed-off-by:
-
- 02 Nov, 2011 3 commits
-
-
Dave Reisner authored
We already ask for the result count, but only use it as a basis for testing query success or failure. Add the value to the JSON reply. Signed-off-by:
Dave Reisner <dreisner@archlinux.org> Signed-off-by:
-
Alexander Rødseth authored
Signed-off-by:
Alexander Rødseth <rodseth@gmail.com> Signed-off-by:
-
Dan McGee authored
This should be set to something like 'http://localhost' for development or 'https://aur.archlinux.org ' in production. It ensures all links in the site stay in the development site and there is no sudden jump from development to production environments. Signed-off-by:
-
- 25 Oct, 2011 3 commits
-
-
Lukas Fleischer authored
-
Lukas Fleischer authored
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE". Write a wrapper function db_escape_like() and use it where appropriate. Note that we already fixed this for the RPC interface in commit da2ebb66 but missed the other places. This patch should fix all remaining flaws reported in FS#26527. Signed-off-by: -
Lukas Fleischer authored
Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago. Thanks-to: elij <elij.mx@gmail.com> Signed-off-by:
-
- 24 Oct, 2011 11 commits
-
-
Lukas Fleischer authored
Percent signs ("%") and underscores ("_") are not escaped by mysql_real_escape_string() and are interpreted as wildcards if combined with "LIKE". Write a wrapper function db_escape_like() and use it where appropriate. Note that we already fixed this for the RPC interface in commit da2ebb66 but missed the other places. This patch should fix all remaining flaws reported in FS#26527. Signed-off-by: -
Lukas Fleischer authored
Wrap mysql_real_escape_string() in a wrapper function db_escape_string() to ease porting to other databases, and as another step to pulling more of the database code into a central location. This is a rebased version of a patch by elij submitted about half a year ago. Thanks-to: elij <elij.mx@gmail.com> Signed-off-by: -
Florian Pritz authoredSigned-off-by:
Florian Pritz <bluewind@xinu.at>
Signed-off-by: -
Dan McGee authored
We already show it in the account listing page as well, so we should show it here too. Also use a standard date format; we weren't using this non-punctuated format anywhere else. Signed-off-by:
-
Dan McGee authored
Signed-off-by:
-
Dan McGee authored
This affects login the most, where we save about 4 calls to db_connect() by passing a single handle into functions where necessary. Signed-off-by:
-
Dan McGee authored
Replacing with CSS styles where appropriate. A previously unused CSS style is tweaked in the stylesheet to match most of what was done via non-CSS styling. Signed-off-by:
-
Dan McGee authored
The create database statement sets the default character set of the database to UTF-8, so no need to do it down below. Signed-off-by:
-
Dan McGee authored
Notable changes include the necessary handle object and the splitting of provides and replaces into alpm_depend_t objects. Signed-off-by:
-
Dan McGee authored
This is not strictly necessry as listitem->data is public. Signed-off-by:
-
Dan McGee authored
Always use two lines for if statements, use a character constant rather than the 0 integer when NULL-terminating a string, and remove the unnecessary NULL check before free(value)- free(NULL) is a no-op and always safe. Signed-off-by:
-
