Ensure we are not quoting these values in any of our SQL queries.
Thanks-to: elij <elij.mx@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Instead, we just store dependencies directly in the PackageDepends
table. Since we don't use this info anywhere besides the package details
page, there is little value in precalculating what is in the AUR vs.
what is not.
An upgrade path is provided via several SQL statements in the UPGRADING
document. There should be no user-visible change from this, but the DB
schema gets a bit more sane and we no longer have loads of junk packages
in our tables that are never shown to the end user. This should also
help the MySQL query planner in several cases as we no longer have to be
careful to exclude dummy packages on every query.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
With our use of strtotime() in stats.inc, we are "required" to do so or at
least the emitted warning tells us it is a good idea.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Remove comment that is mostly bogus- the domain is automatically set.
* When logging out, don't delete the language cookie.
* Make the language cookie persistent.
* Use the minimal time possible to expire cookies; no need to compute
anything.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We should not rely on the default server setting staying the same
forever.
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Implemented recursive directory deletion in PHP properly without the use
of exec(). This improves security, performance and portability and makes
the code compatible with PHP's Safe Mode as well as with PHP setups that
disable exec() using the "disable_functions" directive.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Comments are now split at link boundaries and links are converted
separately. I find this to be a much cleaner way than re-converting
comments that have already been converted using htmlspecialchars(). This
also doesn't require any callback procedure.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
There is really no need to use persistent connections to the database in
this day and age. Most PHP development guides recommend against it, and the
new mysqli interface doesn't even include the functionality.
Add a matching but currently unused db_disconnect() function while we are at
it. Reference counting will cover us for the most part, however.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
All we're looking for now is an @ in any email address to fix problem with not being able to have + in addresses and just because I see no advantage to having any sort of stringent validation
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
This includes only the requested language for each page and
makes top level language include files obsolete.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Add a new function chown_group to recursively change permissions.
Tweak some of the coding style.
Replace some of the redundant string concatenation with a variable.
Thanks to Dan McGee for chmod_group.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
DEFAULT_LANG will essentially be used to specify what language
strings are initially written in.
This will eliminate the need for English translation arrays in
AUR and make adding or changing the English strings a lot easier.
DEFAULT_LANG may be required for strings to display properly.
Also change the output when a translation isn't found.
Eliminate the <b> which can cause validation errors depending
on where the string is placed.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Patches can_submit_pkg(), this fixes the heaps of bugs people are having
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Utilise login form template.
Also cleaned up a couple notices.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Signed-off-by: Simo Leone <simo@archlinux.org>
It was broken and hardly used. It's just as easy
to add short print statements or logging if
some debugging output is needed.
Signed-off-by: Simo Leone <simo@archlinux.org>
Fixes a login error where entering nothing would result in the login message
"Incorrect password for username, ." and changes the translation "TU" to
"Trusted User" so the menu bar on the accounts page doesn't bug up (we need a
new translation system :((()
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Simo Leone <simo@archlinux.org>
Cleans up links on front page, adds a TU link to the header to the voting
application, fixes some titles and styling for logged in text
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Verbose page titles again
Adds support for more verbose page titles based on current
page and action by user and removes sort by options from
search form as they're obsolete by column links.
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
This removes the name, overwrite and comment options from pkgsubmit.php
by moving when the tarball is extracted (and where) and when the pkgbuild
is parsed so pkgname is taken from the pkgbuild instead of user input
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
In the check_sid function in aur.inc the condition for expiring the
cookie and redirecting to hacker.php could never be met and instead
the user would be given blank login instead of being considered logged
out, now fixed. This also means we no longer need either hacker.php or
timeout.php at all.
Also, this bug seems to be present in the AUR version running on
aur.archlinux.org.
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
This removes the need for a timeout page (and probably hacker.php) and
moves the login form and status to the header. If your login times out
you won't lose your place anymore and links will always work. Works
for me but at the moment index_po.php is imported in aur.inc which has
to stay until the translations from it for login are moved to
aur_po.php.
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Rather than rely in any way on config.inc, which is expected to be edited
by the user and to persist across versions without change, the version
string definition is stored in version.inc and included from aur.inc.
