Fixes a regression introduced in 94aeead (aurjson: Pass http_data array
to all functions, 2015-06-28).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Warn users when a remote ref update does not change the content of
.SRCINFO such that users are reminded of updating package meta data.
Implements FS#46130.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
By using the setup-repo command, it is currently possible to create
empty package bases, which can be used to make package base
reservations. Add a maintenance script to remove such empty package
bases after 24 hours.
Fixes FS#46279.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of introducing a new message "You do not have the right to edit
this comment." for the RPC interface, use "You are not allowed to edit
this comment." which we already show in the front-end.
Reported-by: Christoph Seitz <seitz.christoph@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Use a better description for sorting by modification time, as it is not
clear whether "Age" refers to the package creation date or to the
modification date.
The possibility to sort by "Age" is kept internally (but hidden from the
user interface) such that old links to search results still work.
Fixes FS#46319.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
When requesting package details, instead of performing another SQL query
to obtain the package name, extract the name from the result of the
package details query.
Also, drop pkg_name_from_id() which is no longer needed after this
optimization.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In 74edb6f (Use Git repositories to store packages, 2014-06-06), package
creation was moved to the Python backend. Remove several PHP functions
that are no longer needed.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Do not use the same function for generating dependency and inverse
dependency links. Instead, factor out common code and create two
separate functions for those (rather different) functionalities.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Fixes a regression introduced in 4112e57 (Add a restore command to the
SSH interface, 2015-08-14).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
When a package base is merged into another one, followers of the old
package base usually want to be notified about comments the new package
base as well.
Fixes FS#27687.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
For all "virtual provisions" in package dependencies, show links to the
actual packages providing the dependency.
This partly implements FS#14125.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The callback parameter of the RPC interface currently allows for
specifying a prefix of arbitrary length of the returned result. This can
be exploited by certain attacks.
As a countermeasure, this patch restricts the allowed character set for
the callback name to letters, digits, underscores, parenthesis and dots.
It also limits the length of the name to 128 characters. Furthermore,
the reflected callback name is now always prepended with "/**/", which
is a common workaround to protect against attacks such as Rosetta Flash.
Fixes FS#46259.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Accept both user names and email addresses in the login prompt.
Suggested-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This helper function was almost 100% identical to uid_from_username().
Switch to using uid_from_username(), which has a much better name and
implementation, everywhere.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The __() helper function already escapes HTML special characters. Do not
escape them again in html_action_*().
Fixes FS#45780.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Sometimes, a user accidentally flags a package out-of-date. Allow users
to unflag packages that they flagged themselves, thereby providing a way
to undo these actions.
Implements FS#46145.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add a new FlaggerUID field to the database and use it to store the user
ID of the account who recently flagged a package out-of-date.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Currently, package creation has to be done separately from first
submission, so ModifiedTS will never be the same as SubmittedTS.
Consider all packages that are submitted within an hour from package
creation as new.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Show item count on sources section just like it is done for
dependencies and required by.
Fixes FS#45881.
Signed-off-by: Stefan Auditor <stefan.auditor@erdfisch.de>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
To be more flexible with messages, we shouldn't always output this
message when a comment has been sent. Moreover, currently it is not
displayed due to the POST-Redirect-GET pattern, where the comment
parameter is lost after redirection.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Circumvents the temporary regression in git that clones a repository
as foo-git.git instead of foo-git and matches the format used by
other commonly used git hosting providers.
Fixes FS#45834.
Signed-off-by: Stefan Auditor <stefan.auditor@erdfisch.de>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Update the link to the project page on Transifex and remove an outdated link
to the Arch Wiki.
Fixes FS#45966.
Signed-off-by: Stefan Auditor <stefan.auditor@erdfisch.de>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Implement a new command that can be used to restore deleted package
bases without having to push a new commit.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The pkgbase variable already contains the package base name at this
point, no need to reassign it.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Since c4870a9 (git-update: Only check HEAD for blacklisted packages,
2015-06-04), only the HEAD commit package name is looked up in the
blacklist. This means that we no longer need to read the blacklist
before running the commit walker. Moving the blacklist reading code
further down makes the code easier to read.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This method will be used by the JavaScript comment editing and produces
a form containing the comment.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
