Commit graph

799 commits

Author SHA1 Message Date
Lukas Fleischer
f5b4f7e996 Fix parameter processing in parse_multiinfo_args()
Fixes a regression introduced in 94aeead (aurjson: Pass http_data array
to all functions, 2015-06-28).

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-03 11:07:39 +02:00
Lukas Fleischer
c7fc6e6d33 Release 4.1.0
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-10-03 09:28:18 +02:00
Lukas Fleischer
c67e5a1cdf aurjson.class.php: Sync error message with front-end
Instead of introducing a new message "You do not have the right to edit
this comment." for the RPC interface, use "You are not allowed to edit
this comment." which we already show in the front-end.

Reported-by: Christoph Seitz <seitz.christoph@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-26 07:43:10 +02:00
Lukas Fleischer
938b1058eb pkgfuncs.inc.php: Squelch PHP warning
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-25 08:35:44 +02:00
Lukas Fleischer
2f8e0dfa3a aurjson.class.php: Fix "Undefined index" notices
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-25 08:35:43 +02:00
Marcel Korpel
4516f07d9c Add search for keywords only
Implements FS#45619.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-23 21:45:47 +02:00
Marcel Korpel
d5d08b8f92 Add option to hide one's email address
Implements FS#42343.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-20 22:01:23 +02:00
Lukas Fleischer
f3ec4d1ef5 Rename "Age" search order to "Last modified"
Use a better description for sorting by modification time, as it is not
clear whether "Age" refers to the package creation date or to the
modification date.

The possibility to sort by "Age" is kept internally (but hidden from the
user interface) such that old links to search results still work.

Fixes FS#46319.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-20 11:09:47 +02:00
Lukas Fleischer
9cae17ff7c Extract package name from details
When requesting package details, instead of performing another SQL query
to obtain the package name, extract the name from the result of the
package details query.

Also, drop pkg_name_from_id() which is no longer needed after this
optimization.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-18 08:03:56 +02:00
Lukas Fleischer
0dd27a86b1 Remove legacy code
In 74edb6f (Use Git repositories to store packages, 2014-06-06), package
creation was moved to the Python backend. Remove several PHP functions
that are no longer needed.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-18 07:55:50 +02:00
Lukas Fleischer
9d2d8f1c8c Honor virtual provisions in package requirements
Implements FS#14125.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-17 23:04:58 +02:00
Lukas Fleischer
dd808ac802 Use a separate function for "Required by" links
Do not use the same function for generating dependency and inverse
dependency links. Instead, factor out common code and create two
separate functions for those (rather different) functionalities.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-17 19:06:18 +02:00
Lukas Fleischer
34e7f7084a Transfer notifications when merging packages
When a package base is merged into another one, followers of the old
package base usually want to be notified about comments on the new package
base as well.

Fixes FS#27687.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-16 22:05:40 +02:00
Lukas Fleischer
f9476c1093 Show providers in dependencies
For all "virtual provisions" in package dependencies, show links to the
actual packages providing the dependency.

This partly implements FS#14125.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-16 22:00:04 +02:00
Lukas Fleischer
209b0b6eda Mitigate JSONP callback vulnerabilities
The callback parameter of the RPC interface currently allows for
specifying a prefix of arbitrary length of the returned result. This can
be exploited by certain attacks.

As a countermeasure, this patch restricts the allowed character set for
the callback name to letters, digits, underscores, parentheses and dots.
It also limits the length of the name to 128 characters. Furthermore,
the reflected callback name is now always prepended with "/**/", which
is a common workaround to protect against attacks such as Rosetta Flash.

Fixes FS#46259.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-12 10:20:03 +02:00
Lukas Fleischer
ee9a8f232b Allow for logging in via email address
Accept both user names and email addresses in the login prompt.

Suggested-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-11 22:18:31 +02:00
Lukas Fleischer
c5014b0752 Remove superfluous function valid_user()
This helper function was almost 100% identical to uid_from_username().
Switch to using uid_from_username(), which has a much better name and
implementation, everywhere.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-11 22:14:28 +02:00
Lukas Fleischer
396e50bdc8 Require comments when flagging packages out-of-date
Implements FS#42827.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-09-11 22:14:26 +02:00
Lukas Fleischer
209879d63f Fix duplicate escaping of action links
The __() helper function already escapes HTML special characters. Do not
escape them again in html_action_*().

Fixes FS#45780.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-31 18:04:50 +02:00
Lukas Fleischer
57db4814a4 Allow users to unflag packages they flagged themselves
Sometimes, a user accidentally flags a package out-of-date. Allow users
to unflag packages that they flagged themselves, thereby providing a way
to undo these actions.

Implements FS#46145.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-30 16:51:14 +02:00
Lukas Fleischer
e1a258bd83 Remember user ID when flagging package bases
Add a new FlaggerUID field to the database and use it to store the user
ID of the account who recently flagged a package out-of-date.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-30 16:44:12 +02:00
Marcel Korpel
095986b449 Do not allow empty comments
Fixes FS#45870.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-17 04:20:45 +02:00
Johannes Löthberg
da1153857f rpc: msearch: Give orphans on empty maintainer argument
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-11 13:57:04 +02:00
Lukas Fleischer
080b6f3d12 aurjson.class.php: Add missing PHPDoc
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:59:24 +02:00
Marcel Korpel
8328223a5e aurjson.class.php: Add method get_comment_form()
This method will be used by the JavaScript comment editing and produces
a form containing the comment.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:59:24 +02:00
Marcel Korpel
c7025054c6 Split pkg_comment_form.php so the outer box is not always included
For use in the new RPC interface to edit comments, the form shouldn't
always print a header. Create a new template pkg_comment_box.php that
prints form and box, change template pkg_comment_form.php to only
print the form.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:59:24 +02:00
Lukas Fleischer
c751921aff Do not use the term "unsupported" for AUR packages
We no longer use the term [unsupported] to refer to the "repository" of
AUR packages. Update texts and variable names accordingly.

Fixes FS#45381.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:59:24 +02:00
Lukas Fleischer
e610360c95 Show popularity in package base details
Fixes FS#45600.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:59:24 +02:00
Marcel Korpel
8db2ff5da6 Set correct 'My Account' link after changing username
Don't print messages (and the account form) in process_account_form()
anymore, but return them to the caller. When updating accounts, this
function will be called before the headers are written.

If a username has been changed by process_account_form(), the headers
now show the updated username from the database in the 'My Account'
link. Clicking on it immediately after changing a username will no
longer lead to a non-existing URL.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:59:24 +02:00
Marcel Korpel
7927a6decd Use username from the database if one is provided by the user
This fixes a bug where the new user name input by the user was
invalid, causing the account deletion link and the form action to be
wrong.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:59:24 +02:00
Marcel Korpel
9cde6b0566 Show dateline when a comment is edited or deleted
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:59:24 +02:00
Marcel Korpel
e331ce273c Support comment editing in the backend
Create two new actions, do_AddComment and do_EditComment. When editing
or deleting a comment, a timestamp is added.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:59:24 +02:00
Marcel Korpel
92e19e95f3 Add comment edit icon and form
Show an icon next to the comment deletion icon, which leads to a
comment edit form.

Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:59:23 +02:00
Lukas Fleischer
9746a65473 Port notification routines to Python
Use a Python script for sending notification emails. The notification
action and additional parameters are passed via command line arguments.
For comment and package request notifications, the text is passed via
stdin.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:59:23 +02:00
Johannes Löthberg
d8142abbbe Expose name-only search through the RPC interface
Fixes FS#37317.

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:59:23 +02:00
Johannes Löthberg
94aeead4ec aurjson: Pass http_data array to all functions
This is a preparatory patch that simplifies adding more arguments to
the parse functions.

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:59:23 +02:00
Johannes Löthberg
838639056a Delete unused variable
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:59:23 +02:00
Lukas Fleischer
7fbf5a82f3 Release 4.0.0
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-08-08 12:58:28 +02:00
Lukas Fleischer
29bffe64ad stats.inc.php: Improve definition of "added"
Until now, a package is listed under "Packages added in the past 7 days"
if it was added at most one week ago and if the last modification time
matches the submission time stamp. A package is considered "updated" if
it was modified at most one week ago and the modification time stamp
differs from the submission time stamp.

Since we are using Git to store packages now, there always is a delay
between package creation (which is handled in git-serve) and last
modification (which is handled by git-update). Thus, by the above
definitions, almost every package is considered "updated".

Since there is no reason for excluding packages that were both added and
updated within the past seven days from the "Packages added in the past
7 days" counter, we can drop the check whether the last modification
time matches the submission time stamp. Also, to identify packages that
were actually updated, we now only count packages that were modified at
least one hour after the initial submission.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-07-14 11:17:19 +02:00
Daniel Micay
881b550dec use rel="nofollow" for links in comments
This removes the incentive for spammers to post links by asking search
engines to ignore them.

Signed-off-by: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-07-12 20:37:42 +02:00
Johannes Löthberg
ea59f72778 RPC: Add decimal_fields array for floating-point fields
Fixes FS#45537.

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-07-04 13:02:37 +02:00
Lukas Fleischer
feeda37bb7 Accept SSH keys with whitespace in comments
`ssh-keygen -l` returns more than four tokens when there is whitespace
in the key comment.

Fixes FS#45488.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-29 08:59:35 +02:00
Lukas Fleischer
552a297a49 Release 4.0.0-rc6
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-28 12:59:41 +02:00
Johannes Löthberg
eb169d3b0b Only print no changes message if queries failed
This commit changes the messages printed when changing the account
details so that it only prints that no changes were made if either the
account change SQL query or the account_set_ssh_keys call failed.

Reported-by: Alexis Chotard <alexis.horgix.chotard@gmail.com>
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-27 18:00:39 +02:00
Gordian Edenhofer
8bd03adb61 Fake pkgbase actions for unconfirmed users
Displaying flag, notify, vote, adopt and file request links for
users which did not authenticate themselves and letting those fake
buttons link to the login page.

Signed-off-by: Gordian Edenhofer <gordian.edenhofer@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-27 13:04:03 +02:00
Lukas Fleischer
b036b436aa Add support for multiple SSH public keys
Attaching more than one SSH public key to the same account is useful,
e.g. if one uses different machines to access the AUR SSH interface.
Multiple keys can now be specified by adding multiple lines to the text
area on the account edit form.

Implements FS#45469.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Acked-by: Leonidas Spyropoulos <artafinde@gmail.com>
2015-06-27 13:04:03 +02:00
Lukas Fleischer
4bc990f9c0 Split out code to generate action links
Add (and use) two new helper functions html_account_link() and
html_account_form() to generate the links in the package actions box.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-27 13:04:03 +02:00
Lukas Fleischer
3dbaee80b4 Move registration code to a separate unit
Until now, we used the same unit to register and edit accounts. Split
these features into separate source files for clarity. This also allows
us to redirect to the home page when a logged-in user tries to access
the registration page.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-27 13:04:03 +02:00
Gordian Edenhofer
6395a5d5b8 Redirect at previous page after a successful login
After the user was authenticated a redirect to the site which
linked the user to the login page is done. This fixes FS#32481.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-27 13:04:03 +02:00
Lukas Fleischer
5a050552e8 Add the popularity field to the RPC interface
Implements FS#45422.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2015-06-27 13:04:03 +02:00