Fix a lot of invalid XHTML in the templates and actions. There might
still be some legacy code left, but this should cover most of it.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This removes the need for SQL_CALC_FOUND_ROWS which can really slow down
queries in a lot of cases. The COUNT(*) query we end up performing can
reuse a lot of the original clauses from our primary query, but we can
really slim it up by omitting some joins and the sorting/limiting
clauses.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
No functional change here; we should be rebuilding the same query at the
end of the process.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
And use implode() instead of some looping/first time logic.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
With our use of strtotime() in stats.inc, we are "required" to do so or at
least the emitted warning tells us it is a good idea.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
For some reason we were doing this song and dance "iterate all the known
parameters" business. This is totally unnecessary, clutters the links,
and was spewing errors all over the place, so kill it.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
If we were displaying this without coming from a previous query submit,
notices were emitted all over the place. Fix them by adding an isset()
first to each variable we try to access.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Required by query does not have a dep condition element.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We don't need mysql_real_escape_string(), we need valid integer
conversions.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Since only TUs/Devs can delete packages, we can remove almost all checks
except the account type check. And now that our DB uses foreign keys,
all of the other deletes happen implicitly when a package is deleted so
we don't need to take care of it here.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This change is necessary to prevent this:
mysql> delete from Users where ID = 112;
ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`aur`.`Packages`, CONSTRAINT `Packages_ibfk_2` FOREIGN KEY (`SubmitterUID`) REFERENCES `Users` (`ID`) ON DELETE NO ACTION)
As a bonus, due to foreign keys, orphaning of packages will be
automatic.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Remove comment that is mostly bogus- the domain is automatically set.
* When logging out, don't delete the language cookie.
* Make the language cookie persistent.
* Use the minimal time possible to expire cookies; no need to compute
anything.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We trusted the values we pulled out of the IDs array and never coerced
them to integers, passing them to the backend unescaped and uncasted.
Ensure they are treated as integers only and validate the resulting
value is > 0.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We should not rely on the default server setting staying the same
forever.
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* I tried to remove errors in the sgml-structure
e.g.: <div>
<?php if (foo) { ?>
</div>
<?php } ?>
* I did not remove or add code (except the <table> and <div> stuff, of cause).
I only changed the order of the html/php-tags.
* The bottom and top of the script are now properly indented.
I did not indent the middle part (table of search results) because that would
render the diff completely useless.
Signed-off-by: PyroPeter <abi1789@googlemail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Most of the PHP-code was moved to pkgfuncs.php to keep the template simple.
Signed-off-by: PyroPeter <abi1789@googlemail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Can be used to blacklist package names for normal users. TUs and
developers are not affected. This is especially useful if used together
with a cron job that updates the blacklist periodically, e.g. to reject
packages which are available in the binary repos (FS#12902).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We don't need this anymore since all packages managed here are
well...managed here. Rip out all of the places we were using this field,
many of which depended on the magic value '2' anyway.
On the display side of things, we had a column that was always showing
'unsupported' that is now gone, and you can no longer sort by this column.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Improves variable substitution in the PKGBUILD parser a bit to avoid
infinite replacement loops when a PKGBUILD contains assigments of the
form "foo=${foo[@]}bar".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Percent signs ("%") and underscores ("_") are not escaped by
mysql_real_escape_string() and are interpreted as wildcards if combined
with "LIKE", so we need to deal with them separately.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Implemented recursive directory deletion in PHP properly without the use
of exec(). This improves security, performance and portability and makes
the code compatible with PHP's Safe Mode as well as with PHP setups that
disable exec() using the "disable_functions" directive.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Tarball extraction code has been removed in commit
ec0dfc27de, so links to package sources
contained in the source tarball itself will no longer be accessible
through the AUR frontend.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
