Ensure we are not quoting these values in any of our SQL queries.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Prevent race conditions that may occur when either the session or the
user is deleted before we extract the actual user identifier.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
uid_from_sid() is called once at the very beginning of the script,
storing the actual user identifier in "$uid". No need to fire up another
query.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Basically just sync with what archweb currently uses, prefixing all
relative URLs with "http://www.archlinux.org".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
There may be characters in package dependencies that are reserved within
URLs (e.g. "+"). Use urlencode() to ensure those are encoded correctly.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This takes `git shortlog -sen | wc -l` length from 69 to 56 authors for
me, fixing a lot of the author fields that have snuck in over time, and
allows credit to be given where due for some contributors that couldn't
pick a single email address in the past.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
The majority of "real world" info requests [1] come in hefty batches. We
would be better served to handle these in one request rather than
multiple by allowing AUR clients to send multiple arguments.
This enables things like this to work:
http://aur.test/rpc.php?type=multiinfo&arg[]=cups-xerox&arg[]=cups-mc2430dl&arg[]=10673
Note to RPC users: unfortunately due to the asinine design of PHP, you
unfortunately have to use the 'arg[]' syntax if you want more than one
query argument, or you will only get the package satisfying the last arg
you pass.
[1] Rough data from April 11, 2011, with a total hit count of 1,109,163:
12 /login.php
13 /rpc.php?type=sarch
15 /rpc.php?type=msearch
16 /pingserver.php
16 /rpc.php
22 /logout.php
163 /passreset.php
335 /account.php
530 /pkgsubmit.php
916 /rss2.php
3838 /index.php
6752 /rss.php
9699 /
42478 /rpc.php?type=search
184737 /packages.php
681725 /rpc.php?type=info
That means a whopping 61.5% of our requests were for info over the RPC
interface; package pages are a distant second at only 16.7%.
Lukas: Introduce "multiinfo" query instead of extending "info" (for the
sake of backward compatibility).
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Do the implode as the same but separate step each time, and remove
indentation where no other query has it.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Mark things static in the class rather than use a constructor every
single invocation of the service.
* Don't call mysql_real_escape_string() before we even have a database
connection, and don't do work in the database if we don't need to.
* Formatting consistency fixups in a few places.
* Add new process_query() helper function; use this instead of
copy-pasted code in all of the RPC method calls.
* Remove the escaping code meant to fix FS#15526, introduced in commit
4d1eb4dd7a. It broke more than it solved, only fixed the output in
one of three RPC calls (and who knows what the web interface then also
does), and proper encoding should be done at the database level rather
than up here.
Lukas: Add special case for "info" queries to process_query() (return a
single result instead of an array of results here).
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
You need this enabled for the AUR, period. No need for this BS.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We discussed this on aur-dev. Everything that depends on tupkgs should
be removed. Those who still want to be notified should move on to the
RSS feed.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Transform into valid Python 3.x code using 2to3.
* Change shebang from "/usr/bin/python2" to "/usr/bin/python3".
* Invoke with "python3" instead of "python2" in "reloadtestdb.sh".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Package dependencies are no longer stored as references to the
"Packages" table but kept directly in "PackageDepends", so the dummy
data generation script should be fixed to create package names instead
of references, also. Regression introduced in commit
7c91c59245.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
use the logging module instead of writing directly to stderr
this makes the code cleaner as it removes the numerous tests for the value
of DBUG, yet allows devs to control the level of output verbosity.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
- remove need to use mysql for escaping the sql -- removing single quote
should be enough
- instead of using sql to fetch categories from a live database, simply
consider categories an integer range, specified to the size of that in the
aur-schema.
Lukas: Add "CATEGORIES_COUNT" initialization. Fix random number range
used in genCategory() (AUTO_INCREMENT columns are 1-based by default,
not 0-based).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This simplifies instructions for translators and allows them to have an
out of the box working configuration.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Use `rm -f` instead of just `rm` here to supress those annoying warnings
about failed removal if either ".po~" backup files or compiled ".mo"
files are missing.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This ensures we have proper native portable objects instead of those
created by sed(1)'ing the former translation files.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Those can be used as a shortcut to msgmerge(1) to update one
("$locale.po-update") or all ("update-po") portable object files with
new strings from the message catalog ("aur.pot").
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Those are just dummy headers created by ripping them off from "aur.pot"
and changing the "Content-Type" charset to UTF-8.
Needed to make msgmerge(1) operate on our converted ".po" files -
otherwise it would fail to detect the files' encodings and do nothing
but throw a pile of "invalid multibyte sequence" errors.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Can be used to rebuild the message catalog from our source tree.
"po/POTFILES" contains a list of source files to be scanned for
translation strings.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Those legacy ".po" files and translation helpers are no longer needed as
we moved to gettext compatible portable objects.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Put new gettext compatible files into "po/" while keeping old
translations in "web/lang/".
Conversion was done using following hacky shell script:
----
for f in *.po; do
# Remove "<?php" shebang and "global" statements.
sed -i '1d; /^global/d' "$f"
# Convert former translation strings into real PO statements.
sed -i 's/^$_t\[\(.*\)\] = \(.*\);.*/msgid \1\nmsgstr \2/' "$f"
# Ensure there always is an empty line after each msgstr.
sed -i '/^msgstr/!b; n; /^$/!i\
' "$f"
done
----
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Do this in preparation for converting exisiting translation files into
gettext compatible ones. Newlines will he hard to match by a conversion
script.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
