Show an icon next to the comment deletion icon, which leads to a
comment edit form.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This also puts the icon to the right and the timestamp in the byline
and wipes out a repeated instance of the byline.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Allow for excluding certain IP addresses from the maintenance mode. This
allows administrators to view the web page while the site is still under
maintenance for the rest of the world.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add support for a maintenance mode that disables both the website and
the SSH interface and can be enabled easily using a configuration
option.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The disown link in the package actions box leads to a new page
(pkgdisown.php) that can be used to confirm package disowning.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Rename the project to help differentiate between the software providing
access to the Arch User Repository and the collection of source packages
itself.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This allows for having multiple co-maintainers for AUR packages.
Co-maintainers have push access to the package base Git repository but
are not allowed to change the package base category, disown the package
or modify the list of co-maintainers. The primary maintainer of an AUR
package can edit the list of co-maintainers from the Package Actions
box.
Implements FS#17911.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Currently, the AUR sites are hard to distinguish from the official
website, especially when browsing Git repositories in cgit. Add "user
repository" to the logo to make it distinguishable from the official
site.
In order to avoid confusion, also change the link in the logo to the AUR
home page instead of the main Arch Linux website.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This can be used to regularly generate lists of packages and package
bases that are made available under /packages.gz and /pkgbase.gz,
respectively.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Users can now delete their own accounts by clicking a link in the
account edit form and confirming the deletion on a follow-up page.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
When closing a package request, Trusted Users can now pick a reason
("Accepted" or "Rejected"). This allows for marking a request as
accepted, even if the corresponding package base has already been
deleted.
Also, the notification email now always explicitly states whether a
request has been accepted or closed in the message body.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Add a new entry to the package actions box that allows for filing
deletion and orphan requests. When choosing that action, the user is
redirected to a new page that allows for selecting a request type and
entering a comment. When submitting the request, a new entry in the
request database is created and an email is sent to a configurable
mailing list (defaults to aur-general).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Package actions now operate on package bases instead of packages. Move
all actions to the correct locations.
This also fixes some issues with comment notifications.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This adds package base details pages, similar to the package details
pages. Each package base details page contains general information
(package base name, category, submitter, maintainer, ...) and links to
all the corresponding packages. As on the package details pages,
comments and links to several package actions are also provided.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Extends changes in 81d4cc13dc
* Modify getvotes() to use the package name rather than package ID
* Rename getvotes() to votes_for_pkgname() for clarity with new changes
* Modify routing framework and links to now use package names for voters.php
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
* Changes adopting/disowning packages to use GET instead of POST
* Uses CSS to make form submit button look like a link
* Complements commit 3bc951e3d8
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
We fixed all known CRSF vulnerabilities in commit 2c93f0a (Implement
token system to fix CSRF vulnerabilities, 2012-06-23). c349cb2 (Add
virtual path support for package actions, 2012-07-17) partly reverted
this by injecting a valid CRSF token when virtual paths are in use.
This patch allows for keeping the virtual path feature, while
reintroducing POST forms and CRSF tokens. Actions like package flagging,
votes and notifications are no longer prone to CRSF (see FS#35437 for
details).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Use Twitter Bootstrap JavaScript framework for typeahead support.
Add a new "suggest" JSON method, which returns the first 20
packages that match the beginning characters of a query.
canyonknight: Link format change, commit message
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Voter page token check takes place in the same way as other
existing token checks. Move the check for consistency.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Display an error page and return a 404 status code in the following
cases:
* An invalid package name is passed to the "packages" action.
* An invalid user name is passed to the "account" action.
* An invalid package action is passed.
* An invalid account action is passed.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Package actions now have a separate box on the package details page. Add
a package merge link in that box.
Link leads to a new page (pkgmerge.php) that can be used to confirm package
merging. A separate page with confirmation is used to avoid CSRFs.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Package actions now have a separate box on the package details page. Make
a package deletion link in that box.
Link leads to a new page (pkgdel.php) that can be used to confirm package
deletion. A separate page with confirmation is used to avoid CSRFs.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Setting GET parameters manually is bad style and causes some strange
side effects when using virtual URLs and mkurl().
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Spotted when browsing the package details page while being logged out.
Reported-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
The "UpdateAccount" page displays information as to whether an account
update was successful. All POST account info goes to this page, so use
it with sane URLs.
Before:
AUR_URL/account/?Action=UpdateAccount&U=userfoo
After:
AUR_URL/account/userfoo/update
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Navigation to the "AccountInfo" page should only require a user to know the
username of the account they are looking for. Update all AUR links that use
the user info page to reflect the new URL.
Before:
AUR_URL/account/?Action=AccountInfo&U=userfoo
After:
AUR_URL/account/userfoo
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Link to "/packages/$pkgname/voters/" instead of using "/voters/" and a
get parameter to request a specific package by ID.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This needs to be available on every page since it is needed for
get_uri() and get_pkg_uri() and "web/html/index.php" isn't executed if
the virtual path feature is disabled.
Reported-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
