This project is mirrored from https://:*****@gitlab.archlinux.org/archlinux/aurweb.git.
Pull mirroring updated .
- 13 Mar, 2018 1 commit
-
-
Signed-off-by:
Johannes Löthberg <johannes@kyriasis.com> Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 10 Mar, 2018 2 commits
-
-
Change the defines to config_get and add one cache option and one option to define memcache_servers. Mention the required dependency to get memcached working in the INSTALL file. Signed-off-by:
Jelle van der Waa <jelle@vdwaa.nl>
Signed-off-by: -
Signed-off-by:
Jelle van der Waa <jelle@vdwaa.nl>
Signed-off-by:
-
- 24 Feb, 2018 4 commits
-
-
It is now possible to search for packages that depend on a given package, for instance: /rpc/?v=5&type=search&by=depends&arg=ocaml It is similarly possible to match on "makedepends", "checkdepends" and "optdepends". Signed-off-by:Baptiste Jonglez <git@bitsofnetworks.org> Signed-off-by:
-
Implements FS#53832. Signed-off-by:
Mark Weiman <mark.weiman@markzz.com> Signed-off-by:
-
This allows us to prevent users from hammering the API every few seconds to check if any of their packages were updated. Real world users check as often as every 5 or 10 seconds. Signed-off-by:
Florian Pritz <bluewind@xinu.at>
Signed-off-by: -
For some reason, running the SELECT .. WHERE .. OR .. query takes e.g. 58ms on a randomly generated db for some dependency name. Splitting the OR into two dedicated queries and UNIONing the result takes only 0.42ms. On the Arch Linux installation, searching for the providers of e.g. mongodb takes >=110ms when not cached by the query cache. The new query takes <1ms even when not cached. Signed-off-by:
Florian Pritz <bluewind@xinu.at>
Signed-off-by:
-
- 26 Jan, 2018 1 commit
-
-
To people unfamiliar with the code, it is not obvious that the pdo_* PHP extensions must be enabled. Signed-off-by:
-
- 21 Jan, 2018 1 commit
-
-
git/auth is run as an AutherizedKeysCommand which does not get the environment variables passed to it, so AUR_OVERWRITE always got hard-set to '0' by it. Instead we need to perform the actual privilege check in git/update instead. Signed-off-by:
-
- 23 Dec, 2017 1 commit
-
-
In commit 8c98db0b support was added for package co-maintainers to pin comments in addition to maintainers. Due to a typo, the SQL query was reset halfway through and only added the co-maintainer IDs to the list of allowed users. Fixes FS#56783. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by:
-
- 03 Dec, 2017 3 commits
-
-
Lukas Fleischer authored
Signed-off-by: -
Lukas Fleischer authored
Since commit 4efba18f (Only allow valid HTTP(s) URLs as home page, 2017-11-05), the home page field in the account settings must be a valid URL. However, this new check prevents from leaving the field empty. Keep the check in place but skip it if the home page field is left empty. Fixes FS#56550. Signed-off-by:
-
Lukas Fleischer authored
Signed-off-by:
-
- 02 Dec, 2017 1 commit
-
-
Lukas Fleischer authored
Signed-off-by:
-
- 28 Nov, 2017 2 commits
-
-
Lukas Fleischer authored
Signed-off-by: -
Lukas Fleischer authored
This partially fixes FS#56472. Signed-off-by:
-
- 08 Nov, 2017 1 commit
-
-
Lukas Fleischer authored
Automatically detect references to Flyspray bug reports in comments and convert them to links to the Arch Linux bug tracker. Implements FS#52008. Signed-off-by:
-
- 07 Nov, 2017 1 commit
-
-
Lukas Fleischer authored
A bug introduced in commit 7d7e0793 (Hide the table sorting links on the dashboard, 2017-02-04) resulted in multiple clicks on a table heading in the package search results table no longer having any effect, instead of changing the sorting order. Fix this by removing erroneous spaces from the GET parameters in the search URL. Fixes FS#56261. Signed-off-by:
-
- 06 Nov, 2017 1 commit
-
-
Lukas Fleischer authored
Implements FS#56255. Signed-off-by:
-
- 05 Nov, 2017 4 commits
-
-
Lukas Fleischer authored
Replace special characters in the referer GET parameter using htmlspecialchars() before inserting it into the login form fields to prevent from XSS attacks. Fixes FS#55286. Signed-off-by: -
Lukas Fleischer authored
The home page specified in the account settings is converted to a clickable link on the user's profile. Make sure it is a valid URL which uses the http or https scheme. Signed-off-by: -
Lukas Fleischer authored
Do not allow to render aurweb pages in a frame to protect against clickjacking. Fixes FS#56168. Signed-off-by: -
Lukas Fleischer authored
Signed-off-by:
-
- 25 Aug, 2017 3 commits
-
-
Lukas Fleischer authored
Add a Travis CI configuration file to setup a test environment with all the required dependencies and run the test suite. Signed-off-by: -
Lukas Fleischer authored
Signed-off-by: -
Lukas Fleischer authored
Use `/usr/bin/env python3` instead of `/usr/bin/python3` in the shebang of Python scripts. This adds support for non-standard Python interpreter paths such as the paths used in virtualenv environments. Signed-off-by:
-
- 10 Aug, 2017 1 commit
-
-
Lukas Fleischer authored
Since c5302d3a (Require TUs to explicitly request to overwrite a pkgbase, 2017-07-24), non-fast-forward pushes require setting the AUR_OVERWRITE environment variable. Make sure that git-auth passes this variable to git-serve when it should (and does not pass it if it shouldn't). Signed-off-by:
-
- 08 Aug, 2017 2 commits
-
-
Lukas Fleischer authored
Add a missing space to the SQL statement performing the disown operation. Fixes FS#55068. Note that the broken query was not discovered by the test suite since SQLite parses "?AND" inside prepared statements gracefully while MySQL does not. Signed-off-by: -
Lukas Fleischer authored
Since commit c5302d3a (Require TUs to explicitly request to overwrite a pkgbase, 2017-07-24), non-fast-forward pushes are denied even for Trusted Users, unless the AUR_OVERWRITE environment variable is set. Mark the test case performing a non-fast-forward push from a TU account as test_must_fail and add another test case performing the same operation with AUR_OVERWRITE=1. Signed-off-by:
-
- 01 Aug, 2017 3 commits
-
-
Lukas Fleischer authored
Add installation instructions for python-bleach and python-markdown which are required for the rendercomment script. Signed-off-by: -
Lukas Fleischer authored
In addition to the packages list and the package base list, also create a list of registered user names. Signed-off-by: -
Lukas Fleischer authored
When removing an account, remove the user from all last packager fields before deletion to make sure that no package bases are deleted, even if propagation constraints are missing. Fixes FS#53956. Signed-off-by:
-
- 25 Jul, 2017 1 commit
-
-
AUR_PRIVILEGED allows people with privileged AUR accounts to evade the block on non-fast-forward commits. While valid in this case, we should not do so by default, since in at least one case a TU did this without realizing there was an existing package. ( https://aur.archlinux.org/packages/rtmidi/ ) Switch to using allow_overwrite to check for destructive actions. Use .ssh/config "SendEnv" on the TU's side and and sshd_config "AcceptEnv" in the AUR server to specifically request overwrite access. TUs should use: `AUR_OVERWRITE=1 git push --force` Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by:
-
- 22 Jul, 2017 2 commits
-
-
This was broken in commit 8914a41d which refactored the argument parsing. Instead of checking for at least the set-keywords command and a pkgbase name, we were checking for *exactly* the command and pkgbase name, leaving no room for keywords... As a result, while we could clear the keywords, we could not set them. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
Lukas Fleischer authored
Signed-off-by:
-
- 02 May, 2017 1 commit
-
-
PackageBases.FlaggerComment and PackageComments.RenderedComment cannot be NULL and would cause problems in the output file for sqlite users. This patch adds empty strings ("") as values for these fields. Signed-off-by:
-
- 30 Apr, 2017 1 commit
-
-
Lukas Fleischer authored
This allows for adding Terms of Service documents to the database that registered users need to accept before using the AUR. A revision field can be used to indicate whether a document was updated. If it is increased, all users are again asked to accept the new terms. Signed-off-by:
-
- 27 Apr, 2017 1 commit
-
-
Lukas Fleischer authored
Instead of calling check_sid() from every single PHP script representing a web page, add the call to aur.inc.php which is sourced by all of them. Also, remove set_lang() calls from the scripts since these are also already included in aur.inc.php. Signed-off-by:
-
- 26 Apr, 2017 1 commit
-
-
Lukas Fleischer authored
Signed-off-by:
-
- 25 Apr, 2017 1 commit
-
-
Lukas Fleischer authored
Since commit 09cb61ab (schema: Remove invalid default values for TEXT columns, 2017-04-15), the PackageRequests.Comments and PackageRequests.ClosureComment fields no longer have a default value. Initialize these fields explicitly whenever a new row is added to the PackageRequests table. Signed-off-by:
-
