Percent signs ("%") and underscores ("_") are not escaped by
mysql_real_escape_string() and are interpreted as wildcards if combined
with "LIKE", so we need to deal with them separately.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
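
The wildcard problem described in the commit message above, as an added example that is not code from the AUR project: it uses Python with an in-memory SQLite database instead of PHP and MySQL so that it runs offline. The table, the sample rows and the function names are constructed for illustration, and the ESCAPE clause is spelled out because SQLite has no default LIKE escape character.

```python
import sqlite3

ESC = "\\"  # escape character used in the LIKE patterns below


def escape_like(term, esc=ESC):
    """Make LIKE metacharacters in user input match literally."""
    # The escape character itself must be doubled first, otherwise the
    # backslashes added for "%" and "_" would be escaped a second time.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def build_db():
    """Constructed sample data (hypothetical package names)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Packages (Name TEXT)")
    conn.executemany(
        "INSERT INTO Packages VALUES (?)",
        [("foo_bar",), ("fooxbar",), ("100%-pure",), ("1000-pure",), ("yaourt",)],
    )
    return conn


def search_naive(conn, term):
    # Parameter binding (like string escaping) stops SQL injection, but
    # "%" and "_" inside the bound value are still LIKE wildcards.
    rows = conn.execute(
        "SELECT Name FROM Packages WHERE Name LIKE ? ORDER BY Name",
        ("%" + term + "%",),
    )
    return [r[0] for r in rows]


def search_escaped(conn, term):
    # Only the surrounding "%" are wildcards; the user's text is literal.
    rows = conn.execute(
        "SELECT Name FROM Packages WHERE Name LIKE ? ESCAPE '\\' ORDER BY Name",
        ("%" + escape_like(term) + "%",),
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_db()
    for term in ("foo_bar", "100%", "%"):
        print(repr(term), search_naive(db, term), search_escaped(db, term))
```

A search for a lone "%" shows the difference most clearly: the unescaped query returns every row, while the escaped one returns only the name that contains a percent sign.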
Implemented recursive directory deletion in PHP properly without the use
of exec(). This improves security, performance and portability and makes
the code compatible with PHP's Safe Mode as well as with PHP setups that
disable exec() using the "disable_functions" directive.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Comments are now split at link boundaries and links are converted
separately. I find this to be a much cleaner way than re-converting
comments that have already been converted using htmlspecialchars(). This
also doesn't require any callback procedure.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
jsonp callback should have a content type of text/javascript,
since it specifies a callback function wrapping json data,
and is not solely json data.
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Currently AUR does not check the uploaded packages, whether they are
correctly in UTF8 encoding. If there are fields (such as $pkgdesc)
that contain such non-UTF8 characters, the rpc interface chokes on
those fields: even if there's data successfully retrieved from the
database, rpc returns "null".
In an effort to make such errors in the PKGBUILDs debugged more easily,
let's force rpc to have more useful output: try to convert non-UTF8
fields to UTF8. If it's a success, good. Partial success (some characters
showing as \uXXXX) is ok. Failure results in error message printed to that
field.
Signed-off-by: Gergely Imreh <imrehg@gmail.com>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
All of these are sourcing function libraries so we don't need to include
them more than once. Things that insert actual HTML into the output were
left calling include().
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Refactor the query to use explicit LEFT JOINs, which appears to be handled
by MySQL in a saner fashion than the previous implicit join syntax. This is
part two in a slight fixup for observed slow queries in the production
environment. With the new indexes and this fixup, a particular iteration of
this query will examine only 13346 rows instead of 272060.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
It's performance improvement day today. For non-superusers, we were hitting
the database twice per comment on a package- once to get the UID, and once
to check the owner of the comment. The best part is we already knew the
owner of the comment, and we only need to get our own UID once.
For viewing a package like yaourt, this cuts a single pageview from over 700
queries to around 18, which is still not great but a pretty big improvement.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Loui Chang <louipc.ist@gmail.com>