Store the last packager in addition to storing the submitter and the
maintainer of a package. This allows for checking who last updated a
package, even if the package has been disowned.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Call pkgbase_user_voted() and pkgbase_user_notify() using the package
base ID instead of using the package ID.
Fixes FS#40165.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Split out package licenses into two separate tables in order to support
multiple licenses per package. The code on the package details page is
adjusted accordingly.
UPGRADING contains instructions on how to convert existing licenses in
the database to the new layout.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds information from the following three fields to the package
details page:
* conflicts
* provides
* replaces
If either of these fields is empty, it is not displayed.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Collapse package dependency lists with more than 20 entries and add a
link to show the full list.
The JavaScript code for this originates from the archweb project. Note
that the full list is shown when JavaScript is disabled or unavailable.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds a label to makedepends, checkdepends and optdepends on the
package details page. makedepends are labelled with "(make)",
checkdepends with "(check)" and optdepends are labeled with
"(optional)", followed by the optdepend description.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Replace the maintainer package search links with links to the
maintainer's account when browsing the search results as a logged-in
user.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Package actions now operate on package bases instead of packages. Move
all actions to the correct locations.
This also fixes some issues with comment notifications.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds package base details pages, similar to the package details
pages. Each package base details page contains general information
(package base name, category, submitter, maintainer, ...) and links to
all the corresponding packages. As on the package details pages,
comments and links to several package actions are also provided.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Move comments from the Packages table to PackageBases. Sharing comments
makes sense since they almost always refer to a source package.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This has been introduced by commit aae43d9 (started working on package
comments, 2005-03-05) but it seems to be of no practical use. Remove the
field to save some space.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This allows for removing users without also removing the corresponding
comments. Instead, all comments from deleted users will be displayed as
"Anonymous comment".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
In order to make votes as neutral as possible, current yes/no votes
should not be shown until the voting period is over.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Quorum is a decimal field, so checking "!$quorum" does not work. Use the
number of active TUs instead which is how we already check whether
participation information is available in other places.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This improves the ability to edit a user's account directly through
UI features rather than manually appending 'edit' to the URL or
searching for the account and selecting edit.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Extends changes in 81d4cc13dc
* Modify getvotes() to use the package name rather than package ID
* Rename getvotes() to votes_for_pkgname() for clarity with new changes
* Modify routing framework and links to now use package names for voters.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Changes adopting/disowning packages to use GET instead of POST
* Uses CSS to make form submit button look like a link
* Complements commit 3bc951e3d8
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Instead of showing a table with a single "No results found." entry, do
not show the table at all and display the text "No results found." in a
<p></p> container.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
The page this links to allows for adding an item to the list of current
votes. Move the link accordingly.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We fixed all known CRSF vulnerabilities in commit 2c93f0a (Implement
token system to fix CSRF vulnerabilities, 2012-06-23). c349cb2 (Add
virtual path support for package actions, 2012-07-17) partly reverted
this by injecting a valid CRSF token when virtual paths are in use.
This patch allows for keeping the virtual path feature, while
reintroducing POST forms and CRSF tokens. Actions like package flagging,
votes and notifications are no longer prone to CRSF (see FS#35437 for
details).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Use forms and POST instead of GET for following actions:
* Flagging/Unflagging a package out-of-date
* Voting for a package and removing votes
* Enabling/Disabling notifications
Use CSS to make the submit buttons of these forms look like links.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This shows a list of all Trusted Users and the vote ID of the last
proposal each of the TUs voted on. This list is sorted by vote ID.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds an field that indicates whether the vote was accepted or
rejected, based on the rules specified in the TU Bylaws.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Compute the total number of votes and the participation at the beginning
of the template instead of doing it inside the template itself.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This is calculated by dividing the sum of all votes by the total number
of TUs (where the number of TUs is measured when the vote starts).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds a field to the users table and corresponding fields to the
account edit and display forms that allow for setting an (in-)activity
status.
This might turn out to be useful if a user is on vacation and can not
respond to update/orphan/deletion requests.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Remove the password field from the account creation form and always send
a password reset request via e-mail instead. This ensures that only
users with valid e-mail addresses are able to login.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We used a mixture of account type IDs and account type descriptions on
the account edit page. This resulted in the account type field always
defaulting to "Normal user" after an invalid form had been submitted.
Consistently use account type IDs to avoid this.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Package names and dep conditions can be specially crafted for an XSS
attack. Properly sanitize these variables on the package details page.
In addition, avoid including dep conditions as part of a package link.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Use the routing library to build proper URIs instead of relying on the
"REQUEST_URI" server variable which can be manipulated and might return
bogus URIs.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Commit 091c2b5f55 introduced lower casing
to the language drop-down list. Revert this and use htmlspecialchars()
to escape language entries instead.
Addresses FS#32453.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Word-wrap labels in the package statistics box, just as we wrap package
names in the "Recent Updates" box.
Addresses FS#32160.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
The main site, wiki, and BBS are using HTTPS exclusively, so link
directly to the correct protocol rather than forcing a redirect.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
