Replace web/lib/config.inc.php with an INI-style configuration file.
This allows us to get rid of several globals and makes it easier to use
the same configuration file in external scripts.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
As a follow-up to 4d7da95 (Add support for architecture-specific fields,
2014-08-10), handle architecture-specific source fields as well.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds support for architecture-specific dependencies and relations.
Support for this has recently been added to makepkg, see commit 2b556d8
(PKGBUILD: handle arch specific attributes, 2014-07-25) in the pacman
repository for details.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Automatically add users to the notification list when adopting a
package. This used to work bug was broken by 03c6304 (Rework permission
handling, 2014-07-15). Fixes FS#41426.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
When using preg_match() to check for a match that starts at the
beginning of the string and ends at the last character of the string, we
do not want to allow an additional newline character to sneak in.
Amongst other potential loopholes, adding the PCRE_DOLLAR_ENDONLY
modifier prevents users from registering with user names that end with a
newline character.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Disallow uploading source tarballs that do not contain .AURINFO. Also,
drop the PKGBUILD parser which is no longer needed.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
All files contained in the source tarball must have permissions of 644
or 755. All directories must have permissions of 755.
Implements FS#27754.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
If a depends (makedepends, checkdepends, optdepends, conflicts,
provides, replaces, license, groups, source) line appears in a package
section, it replaces the corresponding array from the pkgbase section.
If there is a single "depends = " line in the package section, the
depends array of that package is considered empty.
This partly reverts the behavior introduced in commit 137a9ae (Fix
parsing of array overrides, 2014-05-03).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Split out package licenses into two separate tables in order to support
multiple licenses per package. The code on the package details page is
adjusted accordingly.
UPGRADING contains instructions on how to convert existing licenses in
the database to the new layout.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Package conflicts, provides and replaces are now stored in the new
PackageRelations table. The gendummydata script generates test entries
for these relations.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Instead of overwriting arrays, such as depends, from the pkgbase
section, new entries should be appended. Replace array_merge() with a
mixture of array_merge_recursive() and array_replace_recursive() that
merges array fields and replaces non-array fields.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
In addition to parsing and storing dependencies of packages, store
makedepends, checkdepends and optdepends. Every dependency (of any type)
is displayed on the package details page.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Instead of always parsing the PKGBUILD, only invoke the parser when
there is no meta data (.AURINFO) available. This speeds up the general
case (packages including meta data).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This is legacy code. Move it to a separate source file in order to clean
up the submission code. The code will be removed altogether in an
upcoming release.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
A package should only be overwritten if it already belongs to the
package base that is trying to overwrite it.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds full support for the new .AURINFO format used by mkaurball,
including support for split packages.
The old PKGBUILD parser is still available for compatibility reasons.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds a PackageBases table to the database schema and moves the
following fields from the Packages table to PackageBases:
* CategoryID
* NumVotes
* OutOfDateTS
* SubmittedTS
* ModifiedTS
* SubmitterUID
* MaintainerUID
It also fixes all database accesses to comply with the new layout.
Having a separate PackageBases table is the first step to split package
support. By now, we create one PackageBases entry per package (where the
package base has the same name as the corresponding package). When
adding full support for split packages later, the package base name will
be derived from the pkgbase variable and a single package base will be
shared amongst all packages built from one source package.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Make use of the "errorlist" class instead of "pkgoutput" which is no
longer defined in the CSS.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Display a deprecation warning when a package without meta data is
submitted. The user can still decide to ignore that warning by
resubmitting the package but doing so is not recommended.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
mkaurball automatically adds .AURINFO meta data when building, so tell
people to use that instead of `makepkg --source`.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
There is an extension to the .AURINFO format that supports split
packages. Since there is no support for split packages in the AUR so
far, add a check to identify these cases.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Indentation can be useful if one wants to structure an .AURINFO file.
Remove leading and trailing whitespace from each line before parsing.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Do not remove parentheses from the pkgname to make sure the split
package detection works properly.
Also, fix a regression introduced in 4bb6e88 (pkgsubmit.php: Simplify
package name validation, 2013-03-05) that resulted in the split package
error message never showing up.
Fixes FS#37496.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This allows for adding a metadata file called ".AURINFO" to source
tarballs to overwrite specific PKGBUILD fields. .AURINFO files are
parsed line by line. The syntax for each line is "key = value", where
key is any of the following field names:
* pkgname
* pkgver
* pkgdesc
* url
* license
* depend
Multiple "depend" lines can be specified to add multiple dependencies.
This format closely matches the .PKGINFO format that is used for binary
packages in pacman/libalpm. It can be extended by field name prefixes or
sections to support split packages later.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Move all PKGBUILD field validations to a central location.
Also, change $pkgbuild[] to $new_pkgbuild[] in order to parse evaluated
PKGBUILD fields instead of raw ones.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Remove redundant filters -- single quotes are already removed in
$pkgbuild_new and we do not pass the package name to a shell
(additionally, the regular expression already checks for potentially
evil characters).
Also, move the $pkg_name extraction up to fix the split package check.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Since all database related functions will establish a connection
when needed, there is no need to pre-emptively try and establish
a database connection.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
All functions now have a database connection method that will use
the same database connection. This imitates the functionality of
passing a database connection as an argument and makes it redundant.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Uses the Singleton pattern to ensure all queries use the same
database connection that is released upon script completion.
All database connections should now be called with DB::connect() and
not db_connect().
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Display a special error message if the package is identified as split
package.
Currently, the AUR displays a very vague error message when a split
package is submitted ("Invalid name: only lowercase letters are
allowed"). This often caused confusion among package submitters, see
FS#22834 and FS#32450.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Users are able to upload tarballs without a directory.
The directory count for a tarball is available, so use it to
display an error when there is not a single directory.
This patch has no effect on users who generate their uploaded
tarballs using makepkg. All other users must include a directory
in their tarball.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Parameters were not correct for a package update operation.
Fix regression of 763cbf8373
Fixes FS#31868
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
A foreach() is run without verifying an uploaded package has any depends.
Fix the undefined index notice for packages uploaded with no depends.
Similar to commit 857de725d1.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Use "<label>"/"</label>" for form labels.
* Use "<strong>"/"</strong>" for important text.
* Use "<h4>"/"</h4>" for headings.
* Drop "<b>"/"</b>" everywhere else.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Replace all occurrences of "<?php echo" and "<?php print" by "<?=" to
reduce noise in templates.
Note that as of PHP 5.4.0, "<?=" is always available and no longer
requires "short_open_tag" to be set.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Packages can currently be submitted with variables longer than the maximum
allowed by the DB for that specific field. The string will be shortened
without informing the user. This can result in unexpected oddities on
submitted packages. Print error messages informing the user when the package
name, URL, description, license, or version is too long.
Also move the resolution of full package version (including epoch) to an
earlier point in pkgsubmit.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Logged out users who navigate to /submit currently reach a page with only an
error message. This adds the full navigation bar for users who errantly reach
/submit before logging in.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Extend the routing front/back ends to allow for using
"/package/$pkgname/" for individual packages.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Use virtual paths in links (e.g. link to "/packages/" instead of
"/packages.php" etc.) if the virtual path feature is enabled.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
