When removing an account, remove the user from all last packager fields
before deletion to make sure that no package bases are deleted, even if
propagation constraints are missing.
Fixes FS#53956.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This allows for adding Terms of Service documents to the database that
registered users need to accept before using the AUR. A revision field
can be used to indicate whether a document was updated. If it is
increased, all users are again asked to accept the new terms.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of calling check_sid() from every single PHP script representing
a web page, add the call to aur.inc.php which is sourced by all of them.
Also, remove set_lang() calls from the scripts since these are also
already included in aur.inc.php.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In commit 4abde89 (Use JavaScript to collapse long comments,
2017-04-19), support for collapsing/expanding long comments was added.
This was broken by the recent Markdown support since comments no longer
live inside a single HTML paragraph. Fix this by wrapping each comment
in another div container.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of converting package comments from plain text to HTML code when
they are displayed, do the conversion when the comment is posted and
store the rendered result in the database. The conversion itself is done
by a Python script which uses Bleach for sanitizing the text.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of using CSS to limit the height of package comments as
implemented in 7b13203 (Limit comment height to 15 lines, 2016-03-12),
use JavaScript to collapse long comments and add a link to expand them.
Clicking the same link twice results in the corresponding comment being
collapsed again.
If JavaScript is disabled, the full comments are shown (without any
possibility to collapse or expand).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Split optional dependency descriptions from dependency names before
storing them in the database and use a separate column to store the
descriptions.
This allows us to simplify and optimize the SQL queries in
pkg_dependencies() as well as pkg_required().
Suggested-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Make sure that the get_extended_fields() invocation succeeded before
merging regular and extended fields in process_query().
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of unconditionally calling fetch on the return value of query(),
error out early if the value evaluates to false.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of unconditionally calling fetch on the return value of query(),
error out early if the value evaluates to false. Also, make sure that
the results array is always initialized, even if the result set is
empty.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of unconditionally calling fetch on the return value of query(),
error out early if the value evaluates to false.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The variable $action is always undefined in pkgbase_delete() which makes
the if-statement always true and triggers a warning whenever a package
base is removed.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In commit e171f6f (Migrate all DB code to use PDO, 2012-08-08),
PDOStatement::fetchAll() was introduced as a drop-in replacement for
mysql_fetch_array(). However, PDOStatement::fetchAll() returns a list of
all results while mysql_fetch_array() returns a single result only.
Instead of adding the missing indirection, simplify the code by using
PDO::fetchColumn().
Also add some safeguards to prevent warnings if the result set returned
by the query is empty.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The SQL query retrieving the time zone from the database may return an
empty result set if the session timeout was reached. Handle such cases
gracefully by leaving the timezone variable unset.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Drop the fragment part of the redirection code which is an artifact of
the original code copy-pasted in commit ca954fe (Do not redirect when
showing errors during flagging, 2015-10-21).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The $salt variable is no longer needed as of 29a4870 (Use bcrypt to hash
passwords, 2017-02-24).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The pkgbuild_uri option was replaced by source_file_uri in 9df1bd5 (Add
direct links to each source file, 2017-02-12). Change one remaining
reference to pkgbuild_uri accordingly.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Display a message that no requests matched the filter criteria instead
of showing an empty package requests table.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Replace the default hash function used for storing passwords by
password_hash() which internally uses bcrypt. Legacy MD5 hashes are
still supported and are immediately converted to the new format when a
user logs in.
Since big parts of the authentication system needed to be rewritten in
this context, this patch also includes some simplification and
refactoring of all code related to password checking and resetting.
Fixes FS#52297.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Use "<?=" instead of "<?" for printing.
Fixes a regression introduced in a9048bb (Dedupe translatable strings,
2015-11-25).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of triggering a PHP warning and using an empty title if no
package base is specified, use a default title.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
All error messages in aurjson except two end with a period. Add the
missing periods to make the messages consistent.
Signed-off-by: Michael Straube <straubem@gmx.de>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Currently, each source file which is an external link (http://,
https://, ...) is a clickable link.
This commit extends the behaviour by making files from the repository
clickable as well. The link brings the user to the corresponding cgit
page.
Also, the link to the PKGBUILD is altered to make the configuration more
consistent.
Signed-off-by: Janne Heß <jannehess@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Introduce a new boolean flag that can be used to disable extended
headers, pagination and forms.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
When a user is specified, the function only returns package requests
which are either opened by the given user or affecting packages
maintained by the given user.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Implement a table that shows all packages which are flagged out-of-date
and either maintained or co-maintained by the currently logged in user.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
As a follow-up to commit 6cb8c04 (Implement co-maintainer search,
2017-01-26), add an option to search for both maintainers and
co-maintainers at the same time.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add a AUR_CONFIG environment variable that can be used to specify an
alternative configuration file, similar to the feature introduced in
ecbf32f (git-interface: Add AUR_CONFIG environment variable,
2016-08-03).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
