A bug introduced in commit 7d7e079 (Hide the table sorting links on the
dashboard, 2017-02-04) resulted in multiple clicks on a table heading in
the package search results table no longer having any effect, instead of
changing the sorting order. Fix this by removing erroneous spaces from
the GET parameters in the search URL.
Fixes FS#56261.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The tables on the dashboard always show the 50 most recent packages,
ordered by last update. Do not make the table headers of these tables
clickable.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
* Pass search parameters using an associative array instead of $_GET.
* Add a boolean parameter to enable and disable headers/footers.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Even though that number is hardcoded in the source code, it is better to
make it not appear in the message catalog such that it can be made
configurable easily later.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This currently does not work. Disable it until we have proper support
for flagging multiple packages on the flag page.
Fixes FS#46780.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Without a label tag around the label it won't be clickable.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Even if we only display two digits after the decimal point, storing more
digits internally allows us to order the search results more accurately.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Remove package base categories. Instead, users can now specify up to
twenty custom keywords that are taken into consideration when searching.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Always show the confirmation check box next to the package actions
drop-down on the package search results page. This allows regular users
to confirm disown commands.
Fixes FS#45264.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add a new function has_credential() that checks whether the currently
logged in user is allowed to perform a given action. Moving all
permission handling to this central place makes adding new user groups
and adjusting permissions much more convenient.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Replace the maintainer package search links with links to the
maintainer's account when browsing the search results as a logged-in
user.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Package actions now operate on package bases instead of packages. Move
all actions to the correct locations.
This also fixes some issues with comment notifications.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Highlight the version number of out-of-date packages on the package
search results page using the "flagged" class from archweb.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Synchronize the column layout with archweb. This also allows for
easily highlighting the version number of out-of-date packages.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Replace all occurrences of "<?php echo" and "<?php print" by "<?=" to
reduce noise in templates.
Note that as of PHP 5.4.0, "<?=" is always available and no longer
requires "short_open_tag" to be set.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Use archweb classes for search result statistics.
* Add some space between page numbers.
* Display current page number instead of current item range.
* Hide page numbers if the result fits into a single page.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Extend the routing front/back ends to allow for using
"/package/$pkgname/" for individual packages.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Use virtual paths in links (e.g. link to "/packages/" instead of
"/packages.php" etc.) if the virtual path feature is enabled.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Move DB code from pkg_search_results.php to already existing function
in pkgfuncs.inc.php
* Centralization of DB code important in a future transition to PDO interface
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Change search results table to use CSS from archweb with better alternating
line contrast
* Change table results header to match archweb
* General clean-up of XHTML
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Using a div container to format heading is ridiculous. Use "<h2></h2>"
instead.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: canyonknight <canyonknight@gmail.com>
Specially crafted pages can force authenticated users to unknowingly perform
actions on the AUR website despite being on an attacker's website. This
cross-site request forgery (CSRF) vulnerability applies to all POST data on
the AUR.
Implement a token system using a double submit cookie. Have a hidden form
value on every page containing POST forms. Use the newly added check_token() to
verify the token sent via POST matches the "AURSID" cookie value. Random
nature of the token limits potential for CSRF.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Replacing with CSS styles where appropriate. A previously unused CSS
style is tweaked in the stylesheet to match most of what was done via
non-CSS styling.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Merge all comments and votes of deleted packages into another package if
the "Merge with" field is used. Duplicate votes (votes from a user who
already voted on the target package or voted on more than one of the
deleted packages) are discarded.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Fix a lot of invalid XHTML in the templates and actions. There might
still be some legacy code left, but this should cover most of it.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* I tried to remove errors in the sgml-structure
e.g.: <div>
<?php if (foo) { ?>
</div>
<?php } ?>
* I did not remove or add code (except the <table> and <div> stuff, of cause).
I only changed the order of the html/php-tags.
* The bottom and top of the script are now properly indented.
I did not indent the middle part (table of search results) because that would
render the diff completely useless.
Signed-off-by: PyroPeter <abi1789@googlemail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Most of the PHP-code was moved to pkgfuncs.php to keep the template simple.
Signed-off-by: PyroPeter <abi1789@googlemail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We don't need this anymore since all packages managed here are
well...managed here. Rip out all of the places we were using this field,
many of which depended on the magic value '2' anyway.
On the display side of things, we had a column that was always showing
'unsupported' that is now gone, and you can no longer sort by this column.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
