* I tried to remove errors in the sgml-structure
e.g.: <div>
<?php if (foo) { ?>
</div>
<?php } ?>
* I did not remove or add code (except the <table> and <div> stuff, of cause).
I only changed the order of the html/php-tags.
* The bottom and top of the script are now properly indented.
I did not indent the middle part (table of search results) because that would
render the diff completely useless.
Signed-off-by: PyroPeter <abi1789@googlemail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Most of the PHP-code was moved to pkgfuncs.php to keep the template simple.
Signed-off-by: PyroPeter <abi1789@googlemail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Can be used to blacklist package names for normal users. TUs and
developers are not affected. This is especially useful if used together
with a cron job that updates the blacklist periodically, e.g. to reject
packages which are available in the binary repos (FS#12902).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Drop fulltext indexes, which prevent the use of InnoDB, from "Packages"
table. All search routines use "LIKE" patterns, so fulltext search has
actually never been used.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We don't even touch source tarballs anymore - except for extracting the
PKGBUILD, so this is no longer needed.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We don't need this anymore since all packages managed here are
well...managed here. Rip out all of the places we were using this field,
many of which depended on the magic value '2' anyway.
On the display side of things, we had a column that was always showing
'unsupported' that is now gone, and you can no longer sort by this column.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Improves variable substitution in the PKGBUILD parser a bit to avoid
infinite replacement loops when a PKGBUILD contains assigments of the
form "foo=${foo[@]}bar".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Percent signs ("%") and underscores ("_") are not escaped by
mysql_real_escape_string() and are interpreted as wildcards if combined
with "LIKE", so we need to deal with them separately.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Implemented recursive directory deletion in PHP properly without the use
of exec(). This improves security, performance and portability and makes
the code compatible with PHP's Safe Mode as well as with PHP setups that
disable exec() using the "disable_functions" directive.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Tarball extraction code has been removed in commit
ec0dfc27de, so links to package sources
contained in the source tarball itself will no longer be accessible
through the AUR frontend.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Automatic tarball extraction was vulnerable in different ways. Users
should also only use source tarballs to build packages, so this has been
removed completely. From now on, only the PKGBUILD is extracted in a
secure manner.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Ensure that the "$row" variable isn't overwritten in
"web/template/pkg_comment_form.php" during sending mail notifications
when adding a comment.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Comments are now split at link boundaries and links are converted
separately. I find this to be a much cleaner way than re-converting
comments that have already been converted using htmlspecialchars(). This
also doesn't require any callback procedure.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
