Can be used to blacklist package names for normal users. TUs and
developers are not affected. This is especially useful if used together
with a cron job that updates the blacklist periodically, e.g. to reject
packages which are available in the binary repos (FS#12902).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We don't need this anymore since all packages managed here are
well...managed here. Rip out all of the places we were using this field,
many of which depended on the magic value '2' anyway.
On the display side of things, we had a column that was always showing
'unsupported' that is now gone, and you can no longer sort by this column.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Improves variable substitution in the PKGBUILD parser a bit to avoid
infinite replacement loops when a PKGBUILD contains assigments of the
form "foo=${foo[@]}bar".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Implemented recursive directory deletion in PHP properly without the use
of exec(). This improves security, performance and portability and makes
the code compatible with PHP's Safe Mode as well as with PHP setups that
disable exec() using the "disable_functions" directive.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Automatic tarball extraction was vulnerable in different ways. Users
should also only use source tarballs to build packages, so this has been
removed completely. From now on, only the PKGBUILD is extracted in a
secure manner.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This solves the problem of include files not being found after an error.
$_SERVER['DOCUMENT_ROOT'] is not reliable because the AUR might be
installed in a subdirectory.
This closes http://bugs.archlinux.org/task/16887
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
makepkg --source should be used to upload packages.
It provides a bit of error checking and it's good to support only a
single format here.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
All of these are sourcing function libraries so we don't need to include
them more than once. Things that insert actual HTML into the output were
left calling include().
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
comments need to be removed before concatenating lines, otherwise
not matched brackets can cause problems on submit
Signed-off-by: Gergely Imreh <imrehg@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Better detection of the build function.
Better detection of variables.
Support for variables with underscores.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
This only neutralises bash parameter substitution, but doesn't perform
the proper replacement.
Closes FS#13122.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Lines such as foo=$foo in the PKGBUILD would end up in a
infinite replacement cycle when uploaded, thus the upload
times out. In these kind of lines, $foo is replaced not by
"$foo" again, but deleted (missing value for foo).
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
The web interface was handling comments in the PKGBUILD variable fields
(such as 'source','depends',etc...) differently from makepkg, because
makepkg ignores the rest of the current line if there is a # character,
while the web interface parsed that as well, and listed the words of the
comment as source files.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Just like the previous patch for account_from_sid() over-usage.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
This includes only the requested language for each page and
makes top level language include files obsolete.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Add a new function chown_group to recursively change permissions.
Tweak some of the coding style.
Replace some of the redundant string concatenation with a variable.
Thanks to Dan McGee for chmod_group.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Since this module requires root to install
system-wide, and is somewhat rare, it's better
to just include it in the AUR code itself.
Signed-off-by: Simo Leone <simo@archlinux.org>
On a successful package submit there will be a redirect to the package details
page of the packages, no more successful message
Also got rid of the $warning stuff, what the hell was that for?
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Moved some stuff around, rewrote some stuff although the functionality is
exactly the same as before
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Previous fix for this was only half implemented, links now work with both
a new package and an updated one
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
