Fixes two regressions introduced in commit 6681e56 (notify: Do not wrap
references, 2015-10-03).
Fixes FS#46742.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
When sending notifications upon request creation, set an initial message
ID instead of setting the Reply-To and References headers.
This used to work but the behavior was unintentionally changed in
9746a65 (Port notification routines to Python, 2015-06-27).
Fixes FS#46645.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of hardcoding the RPC interface documentation in rpc.php,
include the HTML code of the documentation page generated by AsciiDoc.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Convert the RPC interface documentation from web/html/rpc.php to
AsciiDoc and add it to the documentation directory.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Since 612300b (Show a warning if .SRCINFO is unchanged, 2015-09-29), the
git-update script displays a warning when a ref update does not affect
the content of the package base meta data. We also invoke git-update to
rebuild the package base details in the aurweb database when a package
base is restored via the SSH interface. In that case, fake information
is passed to the update hook: Both the old and the new object IDs refer
to the current HEAD. Check for such "Everything up-to-date" updates and
not display the ".SRCINFO unchanged" in these cases.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
When deleting a package base from the package base deletion form, do not
try to redirect to the package base details page afterwards. Instead,
jump to the package overview.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
After performing a package base action on a separate page, return to the
corresponding package base details page.
Partly fixes FS#46545.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Fixes a regression introduced in 94aeead (aurjson: Pass http_data array
to all functions, 2015-06-28).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Warn users when a remote ref update does not change the content of
.SRCINFO such that users are reminded of updating package meta data.
Implements FS#46130.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
By using the setup-repo command, it is currently possible to create
empty package bases, which can be used to make package base
reservations. Add a maintenance script to remove such empty package
bases after 24 hours.
Fixes FS#46279.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of introducing a new message "You do not have the right to edit
this comment." for the RPC interface, use "You are not allowed to edit
this comment." which we already show in the front-end.
Reported-by: Christoph Seitz <seitz.christoph@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Use a better description for sorting by modification time, as it is not
clear whether "Age" refers to the package creation date or to the
modification date.
The possibility to sort by "Age" is kept internally (but hidden from the
user interface) such that old links to search results still work.
Fixes FS#46319.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
When requesting package details, instead of performing another SQL query
to obtain the package name, extract the name from the result of the
package details query.
Also, drop pkg_name_from_id() which is no longer needed after this
optimization.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In 74edb6f (Use Git repositories to store packages, 2014-06-06), package
creation was moved to the Python backend. Remove several PHP functions
that are no longer needed.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Do not use the same function for generating dependency and inverse
dependency links. Instead, factor out common code and create two
separate functions for those (rather different) functionalities.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Fixes a regression introduced in 4112e57 (Add a restore command to the
SSH interface, 2015-08-14).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
When a package base is merged into another one, followers of the old
package base usually want to be notified about comments the new package
base as well.
Fixes FS#27687.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
For all "virtual provisions" in package dependencies, show links to the
actual packages providing the dependency.
This partly implements FS#14125.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The callback parameter of the RPC interface currently allows for
specifying a prefix of arbitrary length of the returned result. This can
be exploited by certain attacks.
As a countermeasure, this patch restricts the allowed character set for
the callback name to letters, digits, underscores, parenthesis and dots.
It also limits the length of the name to 128 characters. Furthermore,
the reflected callback name is now always prepended with "/**/", which
is a common workaround to protect against attacks such as Rosetta Flash.
Fixes FS#46259.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Accept both user names and email addresses in the login prompt.
Suggested-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This helper function was almost 100% identical to uid_from_username().
Switch to using uid_from_username(), which has a much better name and
implementation, everywhere.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The __() helper function already escapes HTML special characters. Do not
escape them again in html_action_*().
Fixes FS#45780.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Sometimes, a user accidentally flags a package out-of-date. Allow users
to unflag packages that they flagged themselves, thereby providing a way
to undo these actions.
Implements FS#46145.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add a new FlaggerUID field to the database and use it to store the user
ID of the account who recently flagged a package out-of-date.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Currently, package creation has to be done separately from first
submission, so ModifiedTS will never be the same as SubmittedTS.
Consider all packages that are submitted within an hour from package
creation as new.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
