Am 05.09.2011 14:51, schrieb Lukas Fleischer: > On Mon, Sep 05, 2011 at 02:44:29PM +0200, Thomas Bächler wrote: >> Am 03.09.2011 17:49, schrieb Gordon JC Pearce: >>> The other is that switching to https has left AUR in a fundamentally broken >>> state. If you search for a package on AUR with any of the significant >>> search engines, they return an http link. You can't do anything with this, >>> though, because *even if you're logged in* you get the "ZOMG OH NOES YOU >>> AREN'T USING HTTPS AND HTTPS IS TEH AWSUM!!!!11!!11!" message. >>> Now, if clicking on that took you *to the same page but with https* that >>> would be fine, but it doesn't. It unceremoniously dumps you on the index >>> page for AUR, with no way to get back to the package that you googled. >> >> This is a detail you could have shared in your first post and this >> discussion would have been a lot shorter. This is a bug, it belongs to >> the bugtracker and it is (as far as I can see) trivial to fix. >> > > Do not open another ticket, please. There's FS#25757 [1] already and I > sent a patch addressing that bug to aur-dev [2]. I will push that and > update our live setup as soon as I get round to it. > > [1] https://bugs.archlinux.org/task/25757 > [2] http://mailman.archlinux.org/pipermail/aur-dev/2011-August/001864.html
No point to send the patch I just created then (there wasn't anything in aur.git). While looking at it, I noticed that in the action="..." in the login form, there should also be htmlentities or similar around $_SERVER['REQUEST_URI']. Thanks anyway.
signature.asc
Description: OpenPGP digital signature
