Package actions now operate on package bases instead of packages. Move
all actions to the correct locations.
This also fixes some issues with comment notifications.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Instead of always parsing the PKGBUILD, only invoke the parser when
there is no meta data (.AURINFO) available. This speeds up the general
case (packages including meta data).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This is legacy code. Move it to a separate source file in order to clean
up the submission code. The code will be removed altogether in an
upcoming release.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
A package should only be overwritten if it already belongs to the
package base that is trying to overwrite it.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds package base details pages, similar to the package details
pages. Each package base details page contains general information
(package base name, category, submitter, maintainer, ...) and links to
all the corresponding packages. As on the package details pages,
comments and links to several package actions are also provided.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds full support for the new .AURINFO format used by mkaurball,
including support for split packages.
The old PKGBUILD parser is still available for compatibility reasons.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Deleting a single package without deleting the whole package base makes
no sense. Comments and votes are already stored on a per-package basis,
making this a straightforward extension.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds a PackageBases table to the database schema and moves the
following fields from the Packages table to PackageBases:
* CategoryID
* NumVotes
* OutOfDateTS
* SubmittedTS
* ModifiedTS
* SubmitterUID
* MaintainerUID
It also fixes all database accesses to comply with the new layout.
Having a separate PackageBases table is the first step to split package
support. By now, we create one PackageBases entry per package (where the
package base has the same name as the corresponding package). When
adding full support for split packages later, the package base name will
be derived from the pkgbase variable and a single package base will be
shared amongst all packages built from one source package.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This improves the ability to edit a user's account directly through
UI features rather than manually appending 'edit' to the URL or
searching for the account and selecting edit.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Extends changes in 81d4cc13dc
* Modify getvotes() to use the package name rather than package ID
* Rename getvotes() to votes_for_pkgname() for clarity with new changes
* Modify routing framework and links to now use package names for voters.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
No need to store package ID and call pkgname_from_id() twice when
the end goal is the package name.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Make use of the "errorlist" class instead of "pkgoutput" which is no
longer defined in the CSS.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Display a deprecation warning when a package without meta data is
submitted. The user can still decide to ignore that warning by
resubmitting the package but doing so is not recommended.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
mkaurball automatically adds .AURINFO meta data when building, so tell
people to use that instead of `makepkg --source`.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
There is an extension to the .AURINFO format that supports split
packages. Since there is no support for split packages in the AUR so
far, add a check to identify these cases.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Indentation can be useful if one wants to structure an .AURINFO file.
Remove leading and trailing whitespace from each line before parsing.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Do not remove parentheses from the pkgname to make sure the split
package detection works properly.
Also, fix a regression introduced in 4bb6e88 (pkgsubmit.php: Simplify
package name validation, 2013-03-05) that resulted in the split package
error message never showing up.
Fixes FS#37496.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
According to Trusted User Bylaws, TUs (and only TUs) must take part in
votes. Developers who want to take part in votes should set their account
type to 'Trusted User'.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Use the "errorlist" class for errors.
* Refactor some code.
* Properly display error messages when requesting a key.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Currently, one has to press enter twice in order to submit the package
search form with typeahead completion. Add a workaround to fix this.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Directly jump to the package details when selecting an entry from the
drop-down list.
Implements FS#34471.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Changes adopting/disowning packages to use GET instead of POST
* Uses CSS to make form submit button look like a link
* Complements commit 3bc951e3d8
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
The page this links to allows for adding an item to the list of current
votes. Move the link accordingly.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Checking whether to add a comment is something that really does not
belong to a function named display_package_details().
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Avoid showing a POST data resubmission dialog and simply redirect to the
package page if a package action completed successfully.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Change the return values of following functions to return both
error/success and an error/success message:
* pkg_flag()
* pkg_unflag()
* pkg_adopt()
* pkg_vote()
* pkg_delete()
* pkg_notify()
* pkg_delete_comment()
* pkg_change_category()
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Instead of defaulting to Català (which is the first entry in the list of
supported languages), choose whatever language the unregistered user is
browsing the AUR in.
Fixes FS#34825.
Suggested-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We fixed all known CRSF vulnerabilities in commit 2c93f0a (Implement
token system to fix CSRF vulnerabilities, 2012-06-23). c349cb2 (Add
virtual path support for package actions, 2012-07-17) partly reverted
this by injecting a valid CRSF token when virtual paths are in use.
This patch allows for keeping the virtual path feature, while
reintroducing POST forms and CRSF tokens. Actions like package flagging,
votes and notifications are no longer prone to CRSF (see FS#35437 for
details).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Use forms and POST instead of GET for following actions:
* Flagging/Unflagging a package out-of-date
* Voting for a package and removing votes
* Enabling/Disabling notifications
Use CSS to make the submit buttons of these forms look like links.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This shows a list of all Trusted Users and the vote ID of the last
proposal each of the TUs voted on. This list is sorted by vote ID.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
There are only four valid reasons for starting a TU vote, so instead of
letting the user choose a vote length, let her pick a reason and set
vote length and quorum based on that selection.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds a field to the users table and corresponding fields to the
account edit and display forms that allow for setting an (in-)activity
status.
This might turn out to be useful if a user is on vacation and can not
respond to update/orphan/deletion requests.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
The search_accounts_form() wrapper function doesn't have any
arguments and only makes it unclear what is happening within
account.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We already display the 404 error page if someone tries to access an
invalid package via virtual URLs ("/packages/nonexistent"). Add the same
check to "web/html/packages.php" to make sure the same error is shown if
a user requests package details of a nonexistent package ID via legacy
URLs ("/packages.php?ID=-1").
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Remove the password field from the account creation form and always send
a password reset request via e-mail instead. This ensures that only
users with valid e-mail addresses are able to login.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This allows for reusing reset key submission for other things, such as
sending an initial password reset code during account registration.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This allows for adding a metadata file called ".AURINFO" to source
tarballs to overwrite specific PKGBUILD fields. .AURINFO files are
parsed line by line. The syntax for each line is "key = value", where
key is any of the following field names:
* pkgname
* pkgver
* pkgdesc
* url
* license
* depend
Multiple "depend" lines can be specified to add multiple dependencies.
This format closely matches the .PKGINFO format that is used for binary
packages in pacman/libalpm. It can be extended by field name prefixes or
sections to support split packages later.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Move all PKGBUILD field validations to a central location.
Also, change $pkgbuild[] to $new_pkgbuild[] in order to parse evaluated
PKGBUILD fields instead of raw ones.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Remove redundant filters -- single quotes are already removed in
$pkgbuild_new and we do not pass the package name to a shell
(additionally, the regular expression already checks for potentially
evil characters).
Also, move the $pkg_name extraction up to fix the split package check.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We used a mixture of account type IDs and account type descriptions on
the account edit page. This resulted in the account type field always
defaulting to "Normal user" after an invalid form had been submitted.
Consistently use account type IDs to avoid this.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
