[aur-dev] [PATCH] Add sorting by "Voted" and "Notify" fields

2010-05-29 Thread Lukas Fleischer
This patch adds the possibility to sort by "Voted" and "Notify" columns
in package search results. Fixes FS#13643 [1] (and maybe also FS#5401
[2]).

[1] http://bugs.archlinux.org/task/13643
[2] http://bugs.archlinux.org/task/5401
From f2864b6ac2465fa7fe464efedb794373bb2a1862 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer 
Date: Sun, 30 May 2010 00:20:42 +0200
Subject: [PATCH] Add sorting by "Voted" and "Notify" fields

---
 web/lib/pkgfuncs.inc|   26 --
 web/template/pkg_search_form.php|2 +-
 web/template/pkg_search_results.php |8 ++--
 3 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index 49bedc3..43a7a6f 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -515,32 +515,46 @@ function pkg_search_page($SID="") {
 
$order = $_GET["SO"] == 'd' ? 'DESC' : 'ASC';
 
+   $q_sort = "ORDER BY Name ".$order.", LocationID ASC, CategoryID DESC ";
switch ($_GET["SB"]) {
case 'c':
-   $q.= "ORDER BY CategoryID ".$order.", Name ASC, LocationID ASC 
";
+   $q_sort = "ORDER BY CategoryID ".$order.", Name ASC, LocationID 
ASC ";
$_GET["SB"] = 'c';
break;
case 'l':
-   $q.= "ORDER BY LocationID ".$order.", Name ASC, CategoryID DESC 
";
+   $q_sort = "ORDER BY LocationID ".$order.", Name ASC, CategoryID 
DESC ";
$_GET["SB"] = 'l';
break;
case 'v':
-   $q.= "ORDER BY NumVotes ".$order.", Name ASC, CategoryID DESC ";
+   $q_sort = "ORDER BY NumVotes ".$order.", Name ASC, CategoryID 
DESC ";
$_GET["SB"] = 'v';
break;
+   case 'w':
+   if ($SID) {
+   $q_sort = "ORDER BY Voted ".$order.", Name ASC, 
CategoryID DESC ";
+   }
+   $_GET["SB"] = 'w';
+   break;
+   case 'o':
+   if ($SID) {
+   $q_sort = "ORDER BY Notify ".$order.", Name ASC, 
CategoryID DESC ";
+   }
+   $_GET["SB"] = 'o';
+   break;
case 'm':
-   $q.= "ORDER BY Maintainer ".$order.", Name ASC, LocationID ASC 
";
+   $q_sort = "ORDER BY Maintainer ".$order.", Name ASC, LocationID 
ASC ";
$_GET["SB"] = 'm';
break;
case 'a':
-   $q.= "ORDER BY GREATEST(SubmittedTS,ModifiedTS) ".$order.", 
Name ASC, LocationID ASC ";
+   $q_sort = "ORDER BY GREATEST(SubmittedTS,ModifiedTS) 
".$order.", Name ASC, LocationID ASC ";
$_GET["SB"] = 'a';
break;
default:
-   $q.= "ORDER BY Name ".$order.", LocationID ASC, CategoryID DESC 
";
break;
}
 
+   $q.= $q_sort;
+
$q.= "LIMIT ".$_GET["O"].", ".$_GET["PP"];
 
$result = db_query($q, $dbh);
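Review bot: In the new `case 'w'` and `case 'o'` branches, a request without `$SID` keeps the default name ordering but still sets `$_GET["SB"]` to 'w' or 'o', so the page will report a sort that was not applied. Consider resetting `$_GET["SB"]` to the default, or falling through to `default:`, when `$SID` is empty. Not introduced by this patch but visible in the context: the `LIMIT` line concatenates `$_GET["O"]` and `$_GET["PP"]` straight into the query, so it is worth confirming that both are cast to integers before this point, the way `$order` is reduced to 'ASC' or 'DESC' above.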
diff --git a/web/template/pkg_search_form.php b/web/template/pkg_search_form.php
index 88cc698..0947ba8 100644
--- a/web/template/pkg_search_form.php
+++ b/web/template/pkg_search_form.php
@@ -56,7 +56,7 @@


 
'Name', 'c' => 'Category', 'l' => 'Location', 'v' => 'Votes', 'm' => 
'Maintainer', 'a' => 'Age');
+   $sortby = array('n' => 
'Name', 'c' => 'Category', 'l' => 'Location', 'v' => 'Votes', 'w' => 'Voted', 
'o' => 'Notify', 'm' => 'Maintainer', 'a' => 'Age');
foreach ($sortby as $k 
=> $v):
if 
($_REQUEST['SB'] == $k):
?>
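Review bot: The `$sortby` array now offers `'w' => 'Voted'` and `'o' => 'Notify'` unconditionally, while pkgfuncs.inc only honours them when `$SID` is set. Add the two entries only for logged-in users so anonymous visitors are not shown sort options that do nothing.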
diff --git a/web/template/pkg_search_results.php 
b/web/template/pkg_search_results.php
index b7015ce..364a352 100644
--- a/web/template/pkg_search_results.php
+++ b/web/template/pkg_search_results.php
@@ -29,8 +29,12 @@

 

-   
-   
+   
+   '>
+   
+   
+   '>
+   



-- 
1.7.1



[aur-dev] [PATCH] Confirmation when deleting packages

2010-06-25 Thread Lukas Fleischer
This patch adds a confirmation checkbox for package deletion
(non-Javascript solution). Fixes FS#6515 [1].

[1] http://bugs.archlinux.org/task/6515
From 1011c4643e681793377267002e32ea33f9cf9382 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer 
Date: Fri, 25 Jun 2010 17:16:05 +0200
Subject: [PATCH] Confirmation when deleting packages

---
 web/html/packages.php   |9 +++--
 web/lib/pkgfuncs.inc|2 +-
 web/template/actions_form.php   |2 ++
 web/template/pkg_search_results.php |3 +++
 4 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/web/html/packages.php b/web/html/packages.php
index 2553590..472f6a2 100644
--- a/web/html/packages.php
+++ b/web/html/packages.php
@@ -46,8 +46,13 @@ if ($_POST['action'] == "do_Flag" || 
isset($_POST['do_Flag'])) {
 } elseif ($_POST['action'] == "do_UnVote" || isset($_POST['do_UnVote'])) {
$output = pkg_vote($atype, $ids, False);
 } elseif ($_POST['action'] == "do_Delete" || isset($_POST['do_Delete'])) {
-   $output = pkg_delete($atype, $ids);
-   unset($_GET['ID']);
+   if (isset($_POST['confirm_Delete'])) {
+   $output = pkg_delete($atype, $ids);
+   unset($_GET['ID']);
+   }
+   else {
+   $output = __("The selected packages have not been deleted, 
check the confirmation checkbox.");
+   }
 } elseif ($_POST['action'] == "do_Notify" || isset($_POST['do_Notify'])) {
$output = pkg_notify($atype, $ids);
 } elseif ($_POST['action'] == "do_UnNotify" || isset($_POST['do_UnNotify'])) {
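Review bot: The new `isset($_POST['confirm_Delete'])` check guards against an accidental click and nothing more: any POST that carries the field passes, so it should not be described or relied on as protection against forged requests. Style: the `}` / `else {` split does not match the `} elseif (...) {` form used by the surrounding branches.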
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index 43a7a6f..5605daa 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -402,7 +402,7 @@ function package_details($id=0, $SID="") {
  * do_UnFlag - Remove out-of-date flag
  * do_Adopt  - Adopt
  * do_Disown - Disown
- * do_Delete - Delete
+ * do_Delete - Delete (requires confirm_Delete to be set)
  * do_Notify - Enable notification
  * do_UnNotify - Disable notification
  */
diff --git a/web/template/actions_form.php b/web/template/actions_form.php
index de77645..d1559f5 100644
--- a/web/template/actions_form.php
+++ b/web/template/actions_form.php
@@ -47,6 +47,8 @@ if ($row["MaintainerUID"] == 0) {
if ($atype == "Trusted User" || $atype == "Developer") {
echo "\n";
+   echo " ";
+   echo __("Confirm")."\n";
}
 ?>

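Review bot: `__("Confirm")` here and the new message in packages.php are new translatable strings, but the diffstat lists no web/lang/*.po changes, so they will presumably show untranslated in every locale until the catalogues are updated. A more specific label than "Confirm" would also make it clear which action the checkbox belongs to.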
diff --git a/web/template/pkg_search_results.php 
b/web/template/pkg_search_results.php
index 364a352..bb898df 100644
--- a/web/template/pkg_search_results.php
+++ b/web/template/pkg_search_results.php
@@ -108,6 +108,9 @@ for ($i = 0; $row = mysql_fetch_assoc($result); $i++) {



+   
+
+   



-- 
1.7.1



Re: [aur-dev] Bugs in two PKGBUILDs

2010-09-08 Thread Lukas Fleischer
On Wed, Sep 08, 2010 at 09:32:45PM +0200, Aljosha Papsch wrote:
> I've found two bugs in PKGBUILDs:
> 
> fs2_open-svn: line 31: makepkg can't delete the specified directory.
> Removing the line solves the problem.
> tbp: line 11: a = is missing (variable definition)

Nice to see that people check and report bugs in AUR packages, but this
is completely the wrong place. You should rather use AUR comments to
inform package maintainers about broken/incorrect PKGBUILDs :)


Re: [aur-dev] [PATCH] Geshi AUR implementation

2010-09-29 Thread Lukas Fleischer
On Wed, Sep 29, 2010 at 01:38:36PM +0200, Manuel Tortosa wrote:
> +// Getting variables
> +if (!empty($HTTP_POST_VARS)) extract($HTTP_POST_VARS);
> +if (!empty($HTTP_GET_VARS)) extract($HTTP_GET_VARS);

The use of "$HTTP_POST_VARS" and "$HTTP_GET_VARS" is deprecated and
highly discouraged. It won't even work at all if register_long_arrays is
disabled. Use "$_POST" and "$_GET" instead.

Emulating register_globals behaviour is also deprecated and a potential
security flaw. Don't do that. Just use "$_GET['pkgbuild']".

> +$file = file_get_contents($pkgbuild, FILE_USE_INCLUDE_PATH); 

This introduces a remote file inclusion vulnerability allowing an
attacker to read arbitrary files since "$pkgbuild" is not validated
before passing it to file_get_contents().

Don't apply this patch until everything is fixed, please.


Re: [aur-dev] [PATCH] Simple rework of voters.php

2010-09-29 Thread Lukas Fleischer
On Wed, Sep 29, 2010 at 02:08:21PM +0200, Manuel Tortosa wrote:
> +echo '';

That looks kinda ugly... Why do we need that? I'd just use some
"padding"/"margin" if there really needs to be some space. And HTML code
should always be put outside the "" tags if there's actually no
PHP code (in most cases).


Re: [aur-dev] [PATCH] Convert logout and forgot password to buttons

2010-09-29 Thread Lukas Fleischer
On Wed, Sep 29, 2010 at 02:23:39PM +0200, Manuel Tortosa wrote:
> + " onclick="window.location.href='logout.php'"> 
> + 
> [...]
> + " onclick="window.location.href='passreset.php'"> 

This is not XHTML 1.0 Strict conform. And I'd really prefer something
adequate that works without javascript (which is quite easy here).


Re: [aur-dev] [PATCH] Make possible to post patches in comments

2010-09-29 Thread Lukas Fleischer
On Wed, Sep 29, 2010 at 05:13:18PM +0200, Manuel Tortosa wrote:
> + nl2br(htmlspecialchars($carr['Comments']))) ?>

You should definitely use "" tags here instead of replacing
every occurrence of a whitespace (" ") by its HTML entity ("&nbsp;").


[aur-dev] [PATCH] Bold links in the archnavbar header.

2010-09-29 Thread Lukas Fleischer
---
 web/html/css/archnavbar/archnavbar.css |4 
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/web/html/css/archnavbar/archnavbar.css 
b/web/html/css/archnavbar/archnavbar.css
index 8d1d785..e8ade28 100644
--- a/web/html/css/archnavbar/archnavbar.css
+++ b/web/html/css/archnavbar/archnavbar.css
@@ -39,3 +39,7 @@ div#archdev-navbar li a { padding: 0 0.5em; color: #07b; }
 
 /* highlight current website */
 #archnavbar.anb-aur ul li#anb-aur a { color: white !important; }
+
+/* style the links */
+#archnavbar ul#archnavbarlist li a { color: #999; font-weight: bold 
!important; text-decoration: none !important; }
+#archnavbar ul li a:hover { color: white !important; text-decoration: 
underline !important; }
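Review bot: Both new rules lean on `!important` for `font-weight` and `text-decoration`, which makes them hard to override later; the first selector already carries two IDs, so it should win without it. The first rule sets `color: #999` without `!important` while the existing highlight rule and the new `:hover` rule use `color: white !important`, which is what keeps the current-site highlight working, and a comment saying so would help. The commit also has no message body explaining why the links need restyling.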
-- 
1.7.3



[aur-dev] [PATCH] Make external links in comments clickable (FS#20137).

2010-09-30 Thread Lukas Fleischer
This is a bit hacky patch to make links in AUR comments clickable (fixes
FS#20137 [1]). Huge parts of this code are ripped from the DokuWiki
plugin that is also used in Flyspray.

I didn't have any time to test it extensively so I'd suggest to do some
more tests if this will be committed.

[1] https://bugs.archlinux.org/task/20137

---
 web/lib/aur.inc   |   45 +
 web/template/pkg_comments.php |2 +-
 2 files changed, 46 insertions(+), 1 deletions(-)

diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index bd69c4c..b0cfdc8 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -494,3 +494,48 @@ function salted_hash($passwd, $salt)
}
return md5($salt . $passwd);
 }
+
+function parse_link($matches)
+{
+  $name = $url = $matches[0];
+
+  if(substr($url, 0, 3) == 'ftp' && (substr($url, 0, 6) != 'ftp://')) {
+$url = 'ftp://'.$url;
+  }
+  elseif (substr($url, 0, 3) == 'www') {
+$url = 'http://'.$url;
+  }
+
+  $url = str_replace('&', '&', $url);
+  $url = str_replace('&', '&', $url);
+  $url = strtr($url, array('>' => '%3E', '<' => '%3C', '"' => '%22'));
+
+  return '' . $name . '';
+}
+
+function parse_comment($comment)
+{
+  $schemes = array('http', 'https', 'ftp');
+  $ltrs = '\w';
+  $gunk = '\/\#~:.?+=&%...@!\-';
+  $punc = '.:?\-;,';
+  $host = $ltrs . $punc;
+  $any = $ltrs . $gunk . $punc;
+
+  $patterns = array();
+
+  foreach ($schemes as $scheme) {
+$patterns[] = '(\b(?i)' . $scheme . '(?-i):\/\/[' . $any . ']+?(?=[' . 
$punc . ']*[^' . $any . ']))';
+  }
+
+  $patterns[] = '(\b(?i)www?(?-i)\.[' . $host . ']+?\.[' . $host . ']+?[' . 
$any . ']+?(?=[' . $punc . ']*[^' . $any . ']))';
+  $patterns[] = '(\b(?i)ftp?(?-i)\.['. $host . ']+?\.[' . $host . ']+?[' . 
$any . ']+?(?=[' . $punc . ']*[^' . $any . ']))';
+
+  $regex = '/' . implode('|', $patterns) . '/msS';
+
+  $comment = htmlspecialchars($comment);
+  $comment = preg_replace_callback($regex, parse_link, $comment . "\n");
+  $comment = nl2br($comment);
+
+  return $comment;
+}
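Review bot: In `parse_comment()`, `preg_replace_callback($regex, parse_link, ...)` passes `parse_link` as a bare constant; quote it as 'parse_link' so PHP does not have to fall back from an undefined constant. Ordering is the larger concern: `htmlspecialchars()` runs before the match, so `parse_link()` receives already-escaped text and the two `str_replace()` calls on `$url` then have to compensate for that. Matching on the raw comment and escaping the link and non-link parts separately would remove that step.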
diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php
index 02171a0..2ca9bf0 100644
--- a/web/template/pkg_comments.php
+++ b/web/template/pkg_comments.php
@@ -20,7 +20,7 @@ while (list($indx, $carr) = each($comments)) { ?>
 ?>


-
+


 

[aur-dev] [PATCH] Minor fix in French translation (FS#20111).

2010-09-30 Thread Lukas Fleischer
---
 web/lang/fr.po |8 
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/web/lang/fr.po b/web/lang/fr.po
index 5728947..596f4af 100644
--- a/web/lang/fr.po
+++ b/web/lang/fr.po
@@ -43,7 +43,7 @@ $_t["Account Suspended"] = "Compte Suspendu";
 
 $_t["Status"] = "Etat";
 
-$_t["New Package Notify"] = "Annoncer les nouveaux paquets";
+$_t["New Package Notify"] = "Suivre les nouveaux paquets";
 
 $_t["IRC Nick"] = "Pseudo IRC";
 
@@ -317,7 +317,7 @@ $_t["The above files have been verified (by %s) and are 
safe to use."] = "Les fi
 
 $_t["Could not retrieve information for the specified user."] = "Impossible de 
retrouver l'information pour l'utilisateur spécifié.";
 
-$_t["UnNotify"] = "Ne plus annoncer";
+$_t["UnNotify"] = "Ne plus suivre";
 
 $_t["You do not have permission to edit this account."] = "Vous n'avez pas la 
permission d'éditer ce compte.";
 
@@ -369,7 +369,7 @@ $_t["Yes"] = "Oui";
 
 $_t["Search Criteria"] = "Critères de recherche";
 
-$_t["Notify"] = "Annoncer";
+$_t["Notify"] = "Suivre";
 
 $_t["Go"] = "Aller";
 
@@ -407,7 +407,7 @@ $_t["Required by"] = "Requis par";
 
 $_t["This package has been flagged out of date."] = "Ce paquet a été marqué 
comme périmé.";
 
-$_t["Toggle Notify"] = "Annoncer/Ne plus annoncer";
+$_t["Toggle Notify"] = "Suivre/Ne plus suivre";
 
 $_t["Accounts"] = "Comptes";
 
-- 
1.7.3



[aur-dev] [PATCH] Add timestamp when a package is flagged out-of-date (FS#20848).

2010-09-30 Thread Lukas Fleischer
---
 UPGRADING |4 
 support/schema/aur-schema.sql |1 +
 web/lang/cs.po|2 +-
 web/lang/de.po|2 +-
 web/lang/el_GR.po |2 +-
 web/lang/fr.po|2 +-
 web/lang/he.po|2 +-
 web/lang/hr.po|2 +-
 web/lang/hu.po|2 +-
 web/lang/it.po|2 +-
 web/lang/nb_NO.po |2 +-
 web/lang/pl.po|2 +-
 web/lang/ro.po|2 +-
 web/lang/ru.po|2 +-
 web/lang/sr.po|2 +-
 web/lang/tr.po|2 +-
 web/lang/uk.po|2 +-
 web/lang/zh_CN.po |2 +-
 web/lib/pkgfuncs.inc  |3 ++-
 web/template/pkg_details.php  |3 ++-
 20 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/UPGRADING b/UPGRADING
index 743f404..99c5d1a 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -1,6 +1,10 @@
 Upgrading
 =
 
+From 1.7.0
+--
+ALTER TABLE Packages ADD OutOfDateTS BIGINT UNSIGNED NOT NULL;
+
 From 1.6.0 to 1.7.0
 ---
 ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT '';
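Review bot: The new UPGRADING entry adds `OutOfDateTS` as `NOT NULL` with no default and no follow-up `UPDATE`, so packages that are already flagged get the implicit default rather than a meaningful timestamp. Decide what flagged rows should carry after the upgrade and add that statement here. The heading should also follow the existing "From 1.6.0 to 1.7.0" form and name the target version.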
diff --git a/support/schema/aur-schema.sql b/support/schema/aur-schema.sql
index 250d405..15705a3 100644
--- a/support/schema/aur-schema.sql
+++ b/support/schema/aur-schema.sql
@@ -120,6 +120,7 @@ CREATE TABLE Packages (
LocationID TINYINT UNSIGNED NOT NULL DEFAULT 1,
NumVotes INTEGER UNSIGNED NOT NULL DEFAULT 0,
OutOfDate TINYINT UNSIGNED DEFAULT 0,
+   OutOfDateTS BIGINT UNSIGNED NOT NULL,
SubmittedTS BIGINT UNSIGNED NOT NULL,
ModifiedTS BIGINT UNSIGNED NOT NULL,
SubmitterUID INTEGER UNSIGNED NOT NULL DEFAULT 0, -- who submitted 
it?
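Review bot: `OutOfDateTS BIGINT UNSIGNED NOT NULL` leaves unflagged packages no way to say "never flagged" except a magic 0, and unlike the neighbouring `OutOfDate TINYINT UNSIGNED DEFAULT 0` it has no default for inserts that omit it. Making the column nullable with `DEFAULT NULL` would express that state directly.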
diff --git a/web/lang/cs.po b/web/lang/cs.po
index e430d05..214df00 100644
--- a/web/lang/cs.po
+++ b/web/lang/cs.po
@@ -15,7 +15,7 @@ global $_t;
 
 $_t["Search by"] = "Vyhledat dle";
 
-$_t["This package has been flagged out of date."] = "Balíček byl označen 
jako zastaralý.";
+$_t["This package has been flagged out of date"] = "Balíček byl označen 
jako zastaralý";
 
 $_t["Voted"] = "Hlasováno";
 
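Review bot: Dropping the trailing period changes the lookup key `"This package has been flagged out of date."`, so every catalogue that carries the old key has to change in the same commit or that locale loses its translation for this message. The diffstat lists 16 web/lang files; please confirm that no other catalogue still has the old key.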
diff --git a/web/lang/de.po b/web/lang/de.po
index 929e6f8..bbaa16b 100644
--- a/web/lang/de.po
+++ b/web/lang/de.po
@@ -390,7 +390,7 @@ $_t["You are not allowed to access this area."] = "Es ist 
Dir nicht erlaubt, auf
 
 $_t["Unsafe"] = "Unsicher";
 
-$_t["This package has been flagged out of date."] = "Dieses Paket wurde als 
veraltet markiert.";
+$_t["This package has been flagged out of date"] = "Dieses Paket wurde als 
veraltet markiert";
 
 $_t["The above files have been verified (by %h%s%h) and are safe to use."] = 
"Die obigen Dateien wurden (von %h%s%h) als sicher markiert.";
 
diff --git a/web/lang/el_GR.po b/web/lang/el_GR.po
index 5f5c96c..4118c18 100644
--- a/web/lang/el_GR.po
+++ b/web/lang/el_GR.po
@@ -86,7 +86,7 @@ $_t["Unsupported packages are user produced content. Any use 
of the provided fil
 
 $_t["Search by"] = "Αναζήτηση κατά";
 
-$_t["This package has been flagged out of date."] = "Αυτό το 
πακέτο έχει χαρακτηριστεί παρωχημένο.";
+$_t["This package has been flagged out of date"] = "Αυτό το πακέτο 
έχει χαρακτηριστεί παρωχημένο";
 
 $_t["Voted"] = "Ψηφισμένο";
 
diff --git a/web/lang/fr.po b/web/lang/fr.po
index 596f4af..1ce1896 100644
--- a/web/lang/fr.po
+++ b/web/lang/fr.po
@@ -405,7 +405,7 @@ $_t["Out of Date"] = "Périmé";
 
 $_t["Required by"] = "Requis par";
 
-$_t["This package has been flagged out of date."] = "Ce paquet a été marqué 
comme périmé.";
+$_t["This package has been flagged out of date"] = "Ce paquet a été marqué 
comme périmé";
 
 $_t["Toggle Notify"] = "Suivre/Ne plus suivre";
 
diff --git a/web/lang/he.po b/web/lang/he.po
index d5c19b7..ad0c558 100644
--- a/web/lang/he.po
+++ b/web/lang/he.po
@@ -14,7 +14,7 @@ global $_t;
 
 $_t["Confirm your e-mail address:"] = "אישור כתובת הדוא״ל 
שלך";
 
-$_t["This package has been flagged out of date."] = "החבילה מסומנת 
כלא עדכנית.";
+$_t["This package has been flagged out of date"] = "החבילה מסומנת 
כלא עדכנית";
 
 $_t["Missing a required field."] = "שדה הכרחי חסר.";
 
diff --git a/web/lang/hr.po b/web/lang/hr.po
index 93028b7..4d46fec 100644
--- a/web/lang/hr.po
+++ b/web/lang/hr.po
@@ -162,7 +162,7 @@ $_t["Description"] = "Opis";
 
 $_t["unknown"] = "nepoznato";
 
-$_t["This package has been flagged out of date."] = "Paket je obilježen kao 
zastarijeli.";
+$_t["This package has been flagged out of date"] = "Paket je obilježen kao 
zastarijeli";
 
 $_t["No New Comment Notification"] = "Nemoj me više obavještavati o novim 
komentarima";
 
diff --git a/web/lang/hu.po b/web/lang/hu.po
index e198ac3..54f3a12 100644
--- a/web/lang/hu.po
+++ b/web/lang/hu.po
@@ -6,7

Re: [aur-dev] [PATCH] Make external links in comments clickable (FS#20137).

2010-09-30 Thread Lukas Fleischer
On Thu, Sep 30, 2010 at 06:18:24PM +0200, PyroPeter wrote:
> >+  $url = str_replace('&','&', $url);
> >+  $url = str_replace('&', '&', $url);
> 
> What about the occurrences of "&(html-entity-code-here);" you
> produced the line before?

Nothing? Any occurrence of an HTML entity code is correctly encoded as
"&". People shouldn't be able to manually insert HTML entities in
comments. The first line is actually even superfluous as I realized just
now since ampersands should already have been replaced by
htmlspecialchars() before at the time this line is executed (didn't
check that before, this part of code has been extracted from the
DokuWiki plugin).

> >+  $patterns[] = '(\b(?i)www?(?-i)\.[' . $host . ']+?\.[' . $host . ']+?[' . 
> >$any . ']+?(?=[' . $punc . ']*[^' . $any . ']))';
> >+  $patterns[] = '(\b(?i)ftp?(?-i)\.['. $host . ']+?\.[' . $host . ']+?[' . 
> >$any . ']+?(?=[' . $punc . ']*[^' . $any . ']))';
> 
> I am not that experienced with PHP, but this looks like the $patterns
> array got replaced instead of extended.

Nope, it doesn't. Check [1].

> >+  $comment = htmlspecialchars($comment);
> 
> Won't this render the next instruction useless if there are
> html-characters in a link?

Nope. Links need to be escaped as well. Not sure what happens if a link
contains quotes or "<"/">". This shouldn't happen too often tho.

> Generally I would not make hostnames ("www.foo.tld") clickable.
> If people are not able to provide proper URL's, they have a serious
> problem. (there is also the technical argument that the hostname is not
> a good indicator for the kind of service the host provides.)

Why not? What if you explicitly want to link to a project's home page?
It'll also just convert hostnames if they start with a "www" or "ftp"
subdomain, so comments referring to domains in other ways won't be
converted.

[1]
http://www.php.net/manual/de/language.types.array.php#language.types.array.syntax.modifying


Re: [aur-dev] AUR update

2010-09-30 Thread Lukas Fleischer
On Thu, Sep 30, 2010 at 07:28:21PM +0200, Netanel Shine wrote:
> when we gonna see the AUR-gets update?
> 
> adding all the fixes.. new translations and the other commits?

The AUR has been updated just about a week ago :) It's now on 1.7.0.


Re: [aur-dev] AUR update

2010-09-30 Thread Lukas Fleischer
On Thu, Sep 30, 2010 at 08:34:52PM +0300, Panos Filip wrote:
> What I would really like to see is if the new patches from CCR will go
> through testing for AUR 1.8 :)

Erm...
http://chakra-project.org/ccr/pkgbuildview.php?pkgbuild=../../../../../etc/passwd

*sigh*


Re: [aur-dev] AUR update

2010-09-30 Thread Lukas Fleischer
On Thu, Sep 30, 2010 at 11:16:55PM +0530, Gaurish Sharma wrote:
> OMG!!

I already told Manuel about this security vulnerability yesterday [1].
He didn't seem to do anything against it yet tho.

My advice is not to include any of those patches without proper review.

[1]
http://mailman.archlinux.org/pipermail/aur-dev/2010-September/001242.html


Re: [aur-dev] [PATCH] Geshi AUR implementation

2010-09-30 Thread Lukas Fleischer
On Wed, Sep 29, 2010 at 03:35:24PM +0200, Manuel Tortosa wrote:
> > This introduces a remote file inclusion vulnerability allowing an
> > attacker to read arbitrary files since "$pkgbuild" is not validated
> > before passing it to file_get_contents().
> > 
> > Don't apply this patch until everything is fixed, please.
> Thanks for your suggestions, i added them all to CCR ;)

Btw, this is still not fixed! Have a look at [1].

You should consider using basename(), realpath() and/or regexp to check
the PKGBUILD path. Also check [2], [3].

[1]
http://mailman.archlinux.org/pipermail/aur-dev/2010-September/001268.html
[2] http://www.madirish.net/?article=427
[3] http://www.acunetix.com/websitesecurity/php-security-3.htm


Re: [aur-dev] [PATCH] Make external links in comments clickable (FS#20137).

2010-09-30 Thread Lukas Fleischer
On Thu, Sep 30, 2010 at 08:56:56PM +0200, PyroPeter wrote:
> Well, but you are encoding existing entities, that are not "&" as
> "&foo;". See the example below.

Yep, and that's how it's supposed to be. There shouldn't be any entities
that users put in the comments and that are not encoded.

> I see, "$var[] = foo" creates the array $var if necessary and appends
> foo.

Correct.

> Imo, you should split the message at the link boundaries.
> ( "foo ", "http://foo.bar.tld", " baz")
> Then you should encode the html-entities in all elements, wrap the links
> in 's, and then join all that together.

Yes... That would be cleaner, but also way more complicated to implement
and would require huge amounts of code for making links clickable.

> == example 1 ==
> 
> input: "foo http://foo.tld/iLikeToUseApersands/foo&bar.html baz"
> 
> If I am not mistaken, $regex would be
> "/http://foo.tld/iLikeToUseApersands/foo&bar.html/msS"
> (are the "/" correctly escaped? I will assume they are.)
> 
> Then, $regex would be:
> "/http:\/\/foo\.tld\/iLikeToUseApersands\/foo&bar\.html/msS"
> 
> $comment would be set by htmlspecialchars() to:
> "foo http://foo.tld/iLikeToUseApersands/foo&bar.html baz"
> 
> => preg_replace_callback() would not match, as & got replaced.

Why should it not work? preg_replace_callback() still matches if the URL
contains a semicolon. This will be parsed and output a valid link
(tested with current GIT version and patch applied).

> You can also link to a homepage using valid URL's. The additional
> "feature" may be nice, but makes the code more complex. It also
> trains users to omit the "http://" and produces more work for devs,
> as they all now have to parse this invalid hostname+path stuff.

Hm, that's a question of taste. We'll let Loui decide :p

> Unrelated: You seem to accept only a-zA-Z in hostnames? Or does
> PHP's \w include 0-9 and language-dependent letters? What about
> underscores?

"\w" in perl compatible regex includes all alphanumeric characters plus
the underscore ("_").

> Why does the 's content only include the Path of the URL?

It doesn't. The ""'s content contains exactly what the user
typed (with special chars converted by htmlspecialchars()).

Please don't just assume things but test your examples using a current
GIT checkout with the patch applied in future.


Re: [aur-dev] [PATCH] Make external links in comments clickable (FS#20137).

2010-10-01 Thread Lukas Fleischer
On Fri, Oct 01, 2010 at 02:15:41PM +0200, PyroPeter wrote:
> I did not mean to offend you, and after applying the patch (which I
> should have done before sending the mails, you are right) your code
> in fact seems to work a lot better than I thought.

I didn't feel offended in any way, but reporting bugs that don't exist
is just counterproductive and a waste of time.

> While testing, I found a bug:
> Post this URL: http://foo.bar/<><>;
> It seems to trigger two bugs at once, first, the regex does not match
> whole URL, and second, the href is escaped twice.

I already said that there might be problems if the URL contains quotes
or less-than/greater-than symbols in another mail [1]. This can be fixed
by removing the first str_replace() (which I also proposed in the same
mail) or by repeating the second str_replace() for """, "'",
"<" and ">" (which might be even better from the perspective of
security). However, I don't think such URLs will be a common use case.

The second "bug" is expected behaviour, since punctuation marks at the
end of URLs shouldn't be included in the URL itself (imagine someone
putting a link at the end of a sentence). This is also how DokuWiki and
Flyspray behave. If there really is an URL requiring a punctuation mark
at the end of the URL (which there shouldn't be at all), this can be
remarked in the comment itself.

[1]
http://mailman.archlinux.org/pipermail/aur-dev/2010-September/001263.html


Re: [aur-dev] AUR update

2010-10-01 Thread Lukas Fleischer
On Thu, Sep 30, 2010 at 09:54:00PM +0200, PyroPeter wrote:
> >I tried to do something but i failed. i removed this completely and
> >changed all the password and so but now i'm completely disolated..
> 
> There were no passwords in that file. (They are saved in /etc/shadow)
> Without that file your server won't boot.

There are passwords in other files (especially web applications that
often have MySQL passwords and stuff like that in config files) that are
readable by the user the web server is being run as.


Re: [aur-dev] [PATCH] Make external links in comments clickable (FS#20137).

2010-10-01 Thread Lukas Fleischer
On Fri, Oct 01, 2010 at 04:59:22PM +0200, PyroPeter wrote:
> I fixed the  bugs and changed the indention to tabs.
> I also changed the regex to one that accepts everything
> that starts with one of 'http', 'https' or 'ftp' followed by
> a colon ":", contains no whitespace and ends with a letter (\w)
> or a slash "/".
> It also parses hostnames starting with "www." and ending
> in a 2 to 5 letters long TLD consisting of only a-z.
> 
> [...]

This won't match URLs like
"https://aur.archlinux.org/packages.php?O=0&K=" and an ampersand at the
end of an URL won't be converted correctly :/ I'll try to implement it a
more proper way the next days. Maybe I'll actually go with splitting
comments at link boundaries as you suggested before... :)


Re: [aur-dev] [PATCH] Make external links in comments clickable (FS#20137).

2010-10-01 Thread Lukas Fleischer
On Fri, Oct 01, 2010 at 06:23:06PM +0200, PyroPeter wrote:
> About splitting at boundaries: Contrary to what I have said before,
> using regular expressions seems to be a valid and efficient way.
> (I thought you would have to escape tag-content and attributes in
> different ways (percent-encoding vs. html-entities). After reading
> the HTML4 specification I realized this is not the case, as content and
> attributes are both escaped using html-entities)

Using regular expressions is an efficient way, but they should be
applied before htmlspecialchars() or anything similar is applied. E.g.
we could use preg_match() or preg_match_all() with PREG_OFFSET_CAPTURE
to get the positions of all links, then call a function, that converts
links and converts the strings as necessary, and convert the parts that
don't contain any links separately using htmlspecialchars().
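
The approach described in this message (find the links in the raw comment, then escape every piece exactly once), as an added example that is not part of the thread or the AUR code base; `esc()`, `comment_to_html()` and the simplified URL pattern are assumptions made for the demo.

```php
<?php
// Added example; not the AUR patch. esc(), comment_to_html() and the
// simplified URL pattern are assumptions for the demo.

function esc($s)
{
	// ENT_QUOTES so the result is safe both as text and inside a quoted attribute.
	return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
}

function comment_to_html($comment)
{
	// Runs on the RAW comment. Only http, https and ftp URLs are matched, and
	// the last character may not be punctuation, so a full stop after a link
	// stays part of the sentence.
	$pattern = '~\b(?:https?|ftp)://[^\s<>"\']*[^\s<>"\'.,;:?!)]~i';
	preg_match_all($pattern, $comment, $m, PREG_OFFSET_CAPTURE);

	$html = '';
	$pos = 0; // byte offset of the first character not yet emitted
	foreach ($m[0] as $hit) {
		list($url, $start) = $hit;
		// Text before the link: escape once, then add line breaks.
		$html .= nl2br(esc(substr($comment, $pos, $start - $pos)));
		// The link itself: the same escaped value serves as href and as label.
		$html .= '<a href="' . esc($url) . '">' . esc($url) . '</a>';
		$pos = $start + strlen($url);
	}
	// Whatever follows the last link.
	$html .= nl2br(esc(substr($comment, $pos)));
	return $html;
}

// Constructed comment: a query string with an ampersand, a link followed by a
// full stop, user-typed markup, and the "<><>" case raised in the thread.
$comment = "See https://aur.archlinux.org/packages.php?O=0&K=foo.\n" .
           "<b>not markup</b> http://foo.bar/<><>";
$html = comment_to_html($comment);
echo $html, "\n";

$checks = array(
	'ampersand escaped once in href' =>
		strpos($html, 'href="https://aur.archlinux.org/packages.php?O=0&amp;K=foo"') !== false,
	'no double escaping' => strpos($html, '&amp;amp;') === false,
	'trailing full stop outside link' => strpos($html, 'K=foo</a>.') !== false,
	'user markup neutralised' => strpos($html, '<b>') === false,
);
foreach ($checks as $what => $ok) {
	printf("%-34s %s\n", $what, $ok ? 'ok' : 'FAIL');
}
```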


Re: [aur-dev] [PATCH] Add smilies to comments

2010-10-03 Thread Lukas Fleischer
On Sun, Oct 03, 2010 at 08:14:52AM -0400, Loui Chang wrote:
> I'm not really big on eyecandy to be honest.
> I prefer really simple clean interfaces.
> 
> I would like to hear more feedback about this.

I agree. No need for smilies in AUR comments.


Re: [aur-dev] [PATCH] PKGBUILD syntax highlight

2010-10-03 Thread Lukas Fleischer
On Sun, Oct 03, 2010 at 11:37:46AM +0200, Manuel Tortosa wrote:
> +$file = URL_DIR . "/". 
> urlencode(basename($_GET['p']))."/".urlencode(basename($_GET['p']))."/PKGBUILD";
>  
> +
> +if (is_file($file)) {
> + $text = file_get_contents($file);
> +} else {
> + $text = "";
> +}
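Review bot: `basename()` on `$_GET['p']` removes directory components, but it returns "." and ".." unchanged, and `$_GET['p']` is never checked for being present and a string, so those inputs should be rejected before `$file` is built (or the `realpath()` of `$file` checked against `URL_DIR`). `urlencode()` adds no protection at this point and will alter legitimate names that contain characters such as "+".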

This looks much better now :) I don't get the point of using urlencode()
here tho.


Re: [aur-dev] [PATCH] Add timestamp when a package is flagged out-of-date (FS#20848).

2010-10-03 Thread Lukas Fleischer
On Fri, Oct 01, 2010 at 10:39:37PM -0400, Loui Chang wrote:
> I was thinking - could we just change things so that OutOfDateTS is the
> sole indicator of whether a package has been flagged or not?
> 
> If it's set, then it's out of date.
> If it's zero or null, then it's up to date.

I basically agree and I already changed the patch to use the
"OutOfDateTS" column only. The only thing that I'm not sure how to
implement is the migration code, notably the default timestamp to use
for packages that are flagged out-of-date when upgrading.

Which is the best value to choose? Zero? UNIX_TIMESTAMP()?


[aur-dev] [PATCH] Make external links in comments clickable (FS#20137).

2010-10-03 Thread Lukas Fleischer
Comments are now split at link boundaries and links are converted
separately. I find this to be a much cleaner way than re-converting
comments that have already been converted using htmlspecialchars(). This
also doesn't require any callback procedure.

---
 web/lib/aur.inc   |   24 
 web/template/pkg_comments.php |2 +-
 2 files changed, 25 insertions(+), 1 deletions(-)

diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index bd69c4c..a6292ca 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -494,3 +494,27 @@ function salted_hash($passwd, $salt)
}
return md5($salt . $passwd);
 }
+
+function parse_comment($comment)
+{
+   $url_pattern = '/(\b(?:https?|ftp):\/\/[\w\/\#~:.?+=&%...@!\-;,]+?' .
+   '(?=[.:?\-;,]*(?:[^\w\/\#~:.?+=&%...@!\-;,]|$)))/iS';
+
+   $matches = preg_split($url_pattern, $comment, -1,
+   PREG_SPLIT_DELIM_CAPTURE);
+
+   $html = '';
+   for ($i = 0; $i < count($matches); $i++) {
+   if ($i % 2) {
+   # convert links
+   $html .= '' .  htmlspecialchars($matches[$i]) . '';
+   }
+   else {
+   # convert everything else
+   $html .= nl2br(htmlspecialchars($matches[$i]));
+   }
+   }
+
+   return $html;
+}
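Review bot: The `$i % 2` test in the loop depends on `$url_pattern` having exactly one capturing group, because `PREG_SPLIT_DELIM_CAPTURE` inserts one array element per group; a short comment above the pattern saying so would keep a later edit from breaking the link/text alternation. `count($matches)` can also be hoisted out of the loop condition.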
diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php
index 02171a0..2ca9bf0 100644
--- a/web/template/pkg_comments.php
+++ b/web/template/pkg_comments.php
@@ -20,7 +20,7 @@ while (list($indx, $carr) = each($comments)) { ?>
 ?>


-
+


 

Re: [aur-dev] [PATCH] PKGBUILD syntax highlight

2010-10-05 Thread Lukas Fleischer
On Mon, Oct 04, 2010 at 10:51:54PM +0200, PyroPeter wrote:
> >It changes / to %2F so /etc/passwd would result in a broken path.
> >
> 
> Assuming that basename does what basename(1) does, it will never
> output a slash. /etc/passwd would yield "passwd".

Yes, there's no need to additionally use urlencode() here. It's just the
wrong function for this purpose. If you want to be absolutely sure that
no one accesses files outside the upload directory, you can additionally
use realpath() after building the path and check if the left part of the
absolute path matches the upload directory, but this shouldn't be
necessary if there are no symlinks or something similar in the
directories referencing files outside.
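
The checks suggested in this message and in the earlier reply that recommends basename(), realpath() and/or a regexp, as an added example that is not code from the thread, AUR or CCR; `resolve_pkgbuild()`, the name pattern and the `<root>/<name>/<name>/PKGBUILD` layout are assumptions made for the demo.

```php
<?php
// Added example; not AUR or CCR code. resolve_pkgbuild(), the name pattern and
// the <root>/<name>/<name>/PKGBUILD layout are assumptions for the demo.

/**
 * Return the absolute path of the PKGBUILD for $name below $root,
 * or null if the name is malformed or the path would leave $root.
 */
function resolve_pkgbuild($root, $name)
{
	// 1. Allowlist: reject anything that is not a plain package name.
	//    is_string() also rejects array input such as ?p[]=x.
	if (!is_string($name) ||
	    !preg_match('/\A[a-z0-9][a-z0-9@._+-]*\z/', $name)) {
		return null;
	}

	// 2. basename() drops directory parts; "." and ".." pass through it
	//    unchanged, so they are refused explicitly.
	$name = basename($name);
	if ($name === '' || $name === '.' || $name === '..') {
		return null;
	}

	// 3. Resolve symlinks and "..", then require the result to lie below
	//    the resolved root.
	$root_real = realpath($root);
	if ($root_real === false) {
		return null;
	}
	$path = realpath("$root_real/$name/$name/PKGBUILD");
	if ($path === false || !is_file($path)) {
		return null;
	}
	// Compare with a trailing separator so "/srv/aur-old" is not taken for "/srv/aur".
	$prefix = rtrim($root_real, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
	if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
		return null;
	}
	return $path;
}

// Constructed demo tree: one real package, and a symlinked "package" whose
// PKGBUILD lives outside the root.
$base = sys_get_temp_dir() . '/pkgbuild_demo_' . getmypid();
$root = "$base/root";
mkdir("$root/foo/foo", 0700, true);
file_put_contents("$root/foo/foo/PKGBUILD", "pkgname=foo\n");
mkdir("$base/outside/evil", 0700, true);
file_put_contents("$base/outside/evil/PKGBUILD", "not a package\n");
symlink("$base/outside", "$root/evil");

// Constructed inputs; the traversal string is the one quoted earlier in the thread.
$inputs = array('foo', 'evil', 'missing', '..',
                '../../../../../etc/passwd', array('foo'));
foreach ($inputs as $in) {
	$res = resolve_pkgbuild($root, $in);
	printf("%-32s => %s\n", json_encode($in, JSON_UNESCAPED_SLASHES),
	       $res === null ? 'rejected' : $res);
}

// Remove the demo tree again.
unlink("$root/foo/foo/PKGBUILD");
rmdir("$root/foo/foo");
rmdir("$root/foo");
unlink("$root/evil");
rmdir($root);
unlink("$base/outside/evil/PKGBUILD");
rmdir("$base/outside/evil");
rmdir("$base/outside");
rmdir($base);
```

Only `foo` resolves to a path; the symlinked `evil` entry passes the name check and is caught by the realpath() prefix comparison.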


Re: [aur-dev] [PATCH] Add timestamp when a package is flagged out-of-date (FS#20848).

2010-10-05 Thread Lukas Fleischer
On Sun, Oct 03, 2010 at 01:35:45PM -0500, Dan McGee wrote:
> On Sun, Oct 3, 2010 at 1:34 PM, Lukas Fleischer
>  wrote:
> > I basically agree and I already changed the patch to only the
> > "OutOfDateTS" column only. The only thing that I'm not sure how to
> > implement is the migration code, notably the default timestamp to use
> > for packages that are flagged out-of-date when upgrading.
> >
> > Which is the best value to choose? Zero? UNIX_TIMESTAMP()?
> 
> Current time is probably the best idea. I also have no idea why this
> isn't just a datetime column.

It isn't a DATETIME cause I just copy/pasted the "ModifiedTS" column.

Loui, is there any reason for using BIGINTs instead of DATETIMEs for
timestamps?


[aur-dev] [PATCH] Add timestamp when a package is flagged out-of-date (FS#20848).

2010-10-05 Thread Lukas Fleischer
---
 UPGRADING   |6 ++
 support/schema/aur-schema.sql   |3 +--
 web/html/pkgsubmit.php  |2 +-
 web/lang/ca.po  |2 +-
 web/lang/cs.po  |2 +-
 web/lang/de.po  |4 ++--
 web/lang/el_GR.po   |2 +-
 web/lang/es.po  |2 +-
 web/lang/fr.po  |4 ++--
 web/lang/he.po  |2 +-
 web/lang/hr.po  |2 +-
 web/lang/hu.po  |2 +-
 web/lang/it.po  |4 ++--
 web/lang/nb_NO.po   |2 +-
 web/lang/pl.po  |2 +-
 web/lang/pt.po  |2 +-
 web/lang/ro.po  |2 +-
 web/lang/ru.po  |4 ++--
 web/lang/sr.po  |2 +-
 web/lang/tr.po  |2 +-
 web/lang/uk.po  |2 +-
 web/lang/zh_CN.po   |2 +-
 web/lib/aurjson.class.php   |2 +-
 web/lib/pkgfuncs.inc|   13 +
 web/lib/stats.inc   |2 +-
 web/template/actions_form.php   |2 +-
 web/template/pkg_details.php|5 +++--
 web/template/pkg_search_results.php |2 +-
 28 files changed, 47 insertions(+), 36 deletions(-)

diff --git a/UPGRADING b/UPGRADING
index 743f404..bbf60f0 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -1,6 +1,12 @@
 Upgrading
 =
 
+From 1.7.0 to 1.8.0
+---
+ALTER TABLE Packages ADD OutOfDateTS BIGINT UNSIGNED NULL DEFAULT NULL;
+UPDATE Packages SET OutOfDateTS = UNIX_TIMESTAMP() WHERE OutOfDate = 1;
+ALTER TABLE Packages DROP OutOfDate;
+
 From 1.6.0 to 1.7.0
 ---
 ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT '';
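
Review bot: the UPDATE in the new "From 1.7.0 to 1.8.0" block stamps every package that is already flagged with the time the migration runs, so after upgrading they all appear to have been flagged at the same moment. Please say so in UPGRADING, and note that `ALTER TABLE Packages DROP OutOfDate` cannot be undone, so the three statements have to be run in this order and after a backup.
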
diff --git a/support/schema/aur-schema.sql b/support/schema/aur-schema.sql
index 250d405..93ec9a0 100644
--- a/support/schema/aur-schema.sql
+++ b/support/schema/aur-schema.sql
@@ -119,7 +119,7 @@ CREATE TABLE Packages (
License CHAR(40) NOT NULL DEFAULT '',
LocationID TINYINT UNSIGNED NOT NULL DEFAULT 1,
NumVotes INTEGER UNSIGNED NOT NULL DEFAULT 0,
-   OutOfDate TINYINT UNSIGNED DEFAULT 0,
+   OutOfDateTS BIGINT UNSIGNED NULL DEFAULT NULL,
SubmittedTS BIGINT UNSIGNED NOT NULL,
ModifiedTS BIGINT UNSIGNED NOT NULL,
SubmitterUID INTEGER UNSIGNED NOT NULL DEFAULT 0, -- who submitted 
it?
@@ -130,7 +130,6 @@ CREATE TABLE Packages (
INDEX (CategoryID),
INDEX (LocationID),
INDEX (DummyPkg),
-   INDEX (OutOfDate),
INDEX (NumVotes),
INDEX (SubmitterUID),
INDEX (MaintainerUID),
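
Review bot: `INDEX (OutOfDate)` is removed here and neither hunk adds an index on the new OutOfDateTS column. If any query still filters or counts flagged packages (the diffstat touches stats.inc and pkgfuncs.inc), consider adding `INDEX (OutOfDateTS)` to the table definition and to the UPGRADING block, or state in the commit message why the index is no longer needed.
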
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index 6f7a669..5ce945d 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -313,7 +313,7 @@ if ($_COOKIE["AURSID"]):
}
 
# Update package data
-   $q = sprintf("UPDATE Packages SET ModifiedTS = 
UNIX_TIMESTAMP(), Name = '%s', Version = '%s-%s', License = '%s', Description = 
'%s', URL = '%s', LocationID = 2, FSPath = '%s', URLPath = '%s', OutOfDate = 0 
WHERE ID = %d",
+   $q = sprintf("UPDATE Packages SET ModifiedTS = 
UNIX_TIMESTAMP(), Name = '%s', Version = '%s-%s', License = '%s', Description = 
'%s', URL = '%s', LocationID = 2, FSPath = '%s', URLPath = '%s', OutOfDateTS = 
NULL WHERE ID = %d",

mysql_real_escape_string($new_pkgbuild['pkgname']),

mysql_real_escape_string($new_pkgbuild['pkgver']),

mysql_real_escape_string($new_pkgbuild['pkgrel']),
diff --git a/web/lang/ca.po b/web/lang/ca.po
index 72118f6..0f6ee45 100644
--- a/web/lang/ca.po
+++ b/web/lang/ca.po
@@ -367,7 +367,7 @@ $_t["You must be logged in before you can get notifications 
on comments."] = "He
 
 $_t["You must be logged in before you can vote for packages."] = "Heu 
d'identificar-vos abans de votar paquets.";
 
-$_t["The selected packages have been flagged out-of-date."] = "Els paquets 
seleccionats s'han marcat com No-Actualitzats.";
+$_t["The selected packages have been flagged out-of-date"] = "Els paquets 
seleccionats s'han marcat com No-Actualitzats";
 
 $_t["The selected packages have been deleted."] = "Els paquets seleccionats 
s'han esborrat.";
 
diff --git a/web/lang/cs.po b/web/lang/cs.po
index e430d05..dc2be9d 100644
--- a/web/lang/cs.po
+++ b/web/lang/cs.po
@@ -335,7 +335,7 @@ $_t["Proposal"] = "Návrh";
 
 $_t["Error trying to unpack upload - PKGBUILD does not exist."] = "Došlo k 
chybě při snaze rozbalit archiv - PKGBUILD nenalezen.";
 
-$_t["The selected packages have been flagged out-of-date."] = "Zvoleným 
balíčkům byl nastaven příznak zastaralé.";
+$_t["The selected packages have been flagged out-of

Re: [aur-dev] [PATCH] Add timestamp when a package is flagged out-of-date (FS#20848).

2010-10-05 Thread Lukas Fleischer
Gnah, made a mistake with converting i18n files. This should hopefully
work :)

---
 UPGRADING   |6 ++
 support/schema/aur-schema.sql   |3 +--
 web/html/pkgsubmit.php  |2 +-
 web/lang/cs.po  |2 +-
 web/lang/de.po  |2 +-
 web/lang/el_GR.po   |2 +-
 web/lang/fr.po  |2 +-
 web/lang/he.po  |2 +-
 web/lang/hr.po  |2 +-
 web/lang/hu.po  |2 +-
 web/lang/it.po  |2 +-
 web/lang/nb_NO.po   |2 +-
 web/lang/pl.po  |2 +-
 web/lang/ro.po  |2 +-
 web/lang/ru.po  |2 +-
 web/lang/sr.po  |2 +-
 web/lang/tr.po  |2 +-
 web/lang/uk.po  |2 +-
 web/lang/zh_CN.po   |2 +-
 web/lib/aurjson.class.php   |2 +-
 web/lib/pkgfuncs.inc|   13 +
 web/lib/stats.inc   |2 +-
 web/template/actions_form.php   |2 +-
 web/template/pkg_details.php|5 +++--
 web/template/pkg_search_results.php |2 +-
 25 files changed, 40 insertions(+), 29 deletions(-)

diff --git a/UPGRADING b/UPGRADING
index 743f404..bbf60f0 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -1,6 +1,12 @@
 Upgrading
 =
 
+From 1.7.0 to 1.8.0
+---
+ALTER TABLE Packages ADD OutOfDateTS BIGINT UNSIGNED NULL DEFAULT NULL;
+UPDATE Packages SET OutOfDateTS = UNIX_TIMESTAMP() WHERE OutOfDate = 1;
+ALTER TABLE Packages DROP OutOfDate;
+
 From 1.6.0 to 1.7.0
 ---
 ALTER TABLE Users ADD Salt CHAR(32) NOT NULL DEFAULT '';
diff --git a/support/schema/aur-schema.sql b/support/schema/aur-schema.sql
index 250d405..93ec9a0 100644
--- a/support/schema/aur-schema.sql
+++ b/support/schema/aur-schema.sql
@@ -119,7 +119,7 @@ CREATE TABLE Packages (
License CHAR(40) NOT NULL DEFAULT '',
LocationID TINYINT UNSIGNED NOT NULL DEFAULT 1,
NumVotes INTEGER UNSIGNED NOT NULL DEFAULT 0,
-   OutOfDate TINYINT UNSIGNED DEFAULT 0,
+   OutOfDateTS BIGINT UNSIGNED NULL DEFAULT NULL,
SubmittedTS BIGINT UNSIGNED NOT NULL,
ModifiedTS BIGINT UNSIGNED NOT NULL,
SubmitterUID INTEGER UNSIGNED NOT NULL DEFAULT 0, -- who submitted 
it?
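
Review bot: on the new `OutOfDateTS BIGINT UNSIGNED NULL DEFAULT NULL` line, NULL now carries the meaning "not flagged" that the old 0/1 column expressed. A trailing comment like the one on SubmitterUID would document this, and every caller needs `IS NULL` / `IS NOT NULL` rather than a comparison with 0.
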
@@ -130,7 +130,6 @@ CREATE TABLE Packages (
INDEX (CategoryID),
INDEX (LocationID),
INDEX (DummyPkg),
-   INDEX (OutOfDate),
INDEX (NumVotes),
INDEX (SubmitterUID),
INDEX (MaintainerUID),
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index 6f7a669..5ce945d 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -313,7 +313,7 @@ if ($_COOKIE["AURSID"]):
}
 
# Update package data
-   $q = sprintf("UPDATE Packages SET ModifiedTS = 
UNIX_TIMESTAMP(), Name = '%s', Version = '%s-%s', License = '%s', Description = 
'%s', URL = '%s', LocationID = 2, FSPath = '%s', URLPath = '%s', OutOfDate = 0 
WHERE ID = %d",
+   $q = sprintf("UPDATE Packages SET ModifiedTS = 
UNIX_TIMESTAMP(), Name = '%s', Version = '%s-%s', License = '%s', Description = 
'%s', URL = '%s', LocationID = 2, FSPath = '%s', URLPath = '%s', OutOfDateTS = 
NULL WHERE ID = %d",

mysql_real_escape_string($new_pkgbuild['pkgname']),

mysql_real_escape_string($new_pkgbuild['pkgver']),

mysql_real_escape_string($new_pkgbuild['pkgrel']),
diff --git a/web/lang/cs.po b/web/lang/cs.po
index e430d05..214df00 100644
--- a/web/lang/cs.po
+++ b/web/lang/cs.po
@@ -15,7 +15,7 @@ global $_t;
 
 $_t["Search by"] = "Vyhledat dle";
 
-$_t["This package has been flagged out of date."] = "Balíček byl označen jako 
zastaralý.";
+$_t["This package has been flagged out of date"] = "Balíček byl označen jako 
zastaralý";
 
 $_t["Voted"] = "Hlasováno";
 
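
Review bot: the `$_t[...]` key loses its trailing period here, and the key is the string that `__()` is called with. Every caller has to use the new spelling in the same commit, and any language file that still carries the old key with the period will fall back to the untranslated string; a grep for the old key across web/lang/ before pushing would confirm none is left.
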
diff --git a/web/lang/de.po b/web/lang/de.po
index 929e6f8..bbaa16b 100644
--- a/web/lang/de.po
+++ b/web/lang/de.po
@@ -390,7 +390,7 @@ $_t["You are not allowed to access this area."] = "Es ist 
Dir nicht erlaubt, auf
 
 $_t["Unsafe"] = "Unsicher";
 
-$_t["This package has been flagged out of date."] = "Dieses Paket wurde als 
veraltet markiert.";
+$_t["This package has been flagged out of date"] = "Dieses Paket wurde als 
veraltet markiert";
 
 $_t["The above files have been verified (by %h%s%h) and are safe to use."] = 
"Die obigen Dateien wurden (von %h%s%h) als sicher markiert.";
 
diff --git a/web/lang/el_GR.po b/web/lang/el_GR.po
index 5f5c96c..4118c18 100644
--- a/web/lang/el_GR.po
+++ b/web/lang/el_GR.po
@@ -86,7 +86,7 @@ $_t["Unsupported packages are user produced content. Any use 
of the provided fil
 

Re: [aur-dev] [PATCH] Add timestamp when a package is flagged out-of-date (FS#20848).

2010-10-10 Thread Lukas Fleischer
On Thu, Oct 07, 2010 at 11:09:36PM -0400, Loui Chang wrote:
> This:
> > +   echo "".__("This package has 
> > been flagged out of date")." (".$out_of_date_time.")";
> 
> Could change to this:
> > +   echo "".__("This package has 
> > been flagged out of date.")." ($out_of_date_time)";

Well, it's just a cosmetic change. Having the date in brackets after a
punctuation mark looked ugly to me, so I removed the period everywhere.
If you want me to keep the patch simple and don't care about the period,
I can revert this change and send another patch.


Re: [aur-dev] bold title bar

2010-10-30 Thread Lukas Fleischer
On Wed, Oct 27, 2010 at 03:10:10AM +0200, Martti Kühne wrote:
> btw... when is the title bar update to be made?

By the way, I posted a patch for this here some time ago [1].

[1]
http://mailman.archlinux.org/pipermail/aur-dev/2010-September/001253.html


Re: [aur-dev] [PATCH] Do not display current votes in All Votes

2010-11-02 Thread Lukas Fleischer
On Tue, Nov 02, 2010 at 05:47:12PM +0100, Andrea Scarpino wrote:
>   - $q = "SELECT * FROM TU_VoteInfo ORDER BY Submitted " . $order . 
> $lim;
> + $q = "SELECT * FROM TU_VoteInfo WHERE End < " . time() . " 
> ORDER BY Submitted " . $order . $lim;
>   $result = db_query($q, $dbh);
>  
>   $type = __("All Votes");
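
Review bot: `$order` and `$lim` are still concatenated straight into the query on the changed line, and nothing in this hunk shows where they are validated; worth confirming that $order can only be ASC or DESC and that $lim is built from integers. For the new condition, `End < UNIX_TIMESTAMP()` would take the cutoff from the database clock, as the pkgsubmit.php update query does, instead of from PHP's time().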

Looks good in general but why should current votes not be listed in the
"All Votes" section? I'd suggest renaming "All Votes" to "Closed Votes"
or something similar then.


[aur-dev] [PATCH 1/2] Allow canonical links to packages (fixes FS#21600).

2010-11-06 Thread Lukas Fleischer
---
 web/html/packages.php |6 ++
 web/lib/pkgfuncs.inc  |   16 
 web/template/pkg_comments.php |2 +-
 3 files changed, 23 insertions(+), 1 deletions(-)

diff --git a/web/html/packages.php b/web/html/packages.php
index 472f6a2..c777346 100644
--- a/web/html/packages.php
+++ b/web/html/packages.php
@@ -10,6 +10,8 @@ check_sid();  # see if they're still logged in
 # Set the title to the current query if required
 if (isset($_GET['ID'])) {
if ($pkgname = pkgname_from_id($_GET['ID'])) { $title = $pkgname; }
+} else if (isset($_GET['N'])) {
+   $title = $pkgname = $_GET['N'];
 } else if (!empty($_GET['K'])) {
$title = __("Search Criteria") . ": " . $_GET['K'];
 } else {
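
Review bot: `$title = $pkgname = $_GET['N'];` copies the request parameter into the page title unchecked, whereas the ID branch above only sets the title after pkgname_from_id() has found a package. Suggest resolving N with pkgid_from_name() first and setting $title only on a hit, and making sure the template that prints $title passes it through htmlspecialchars().
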
@@ -74,6 +76,10 @@ if (isset($_GET['ID'])) {
} else {
package_details($_GET['ID'], $_COOKIE["AURSID"]);
}
+} else if (isset($_GET['N'])) {
+   include('pkg_search_form.php');
+   $id = pkgid_from_name($_GET['N']);
+   package_details($id, $_COOKIE["AURSID"]);
 } else {
if (!isset($_GET['K']) && !isset($_GET['SB'])) {
$_GET['SB'] = 'v';
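
Review bot: the new `N` branch hands the result of pkgid_from_name() to package_details() without checking it, and that helper returns an empty string for an unknown name. An explicit not-found path (error message, no details query) would be clearer than relying on package_details() to cope with an empty ID.
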
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index 5605daa..a2b9efd 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -300,6 +300,22 @@ function pkgnotify_from_sid($sid="") {
return $pkgs;
 }
 
+# get ID of package based on its name
+#
+function pkgid_from_name($name = "") {
+   if (!empty($name)) {
+   $dbh = db_connect();
+   $q = "SELECT ID FROM Packages WHERE Name = '" . 
mysql_real_escape_string($name) . "'";
+   $result = db_query($q, $dbh);
+   if (mysql_num_rows($result) > 0) {
+   $id = mysql_result($result, 0);
+   } else {
+   $id = "";
+   }
+   }
+   return $id;
+}
+
 # get name of package based on pkgid
 #
 function pkgname_from_id($id="") {
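
Review bot: in pkgid_from_name(), $id is assigned only inside `if (!empty($name))`, so a call with an empty name reaches `return $id;` with the variable undefined. Initialise `$id = "";` before the if. Note also that empty() is true for the string "0", so a package with that name could not be looked up; testing `$name !== ""` avoids that. The comment above the function should also say what is returned when nothing matches.
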
diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php
index 02171a0..c541d67 100644
--- a/web/template/pkg_comments.php
+++ b/web/template/pkg_comments.php
@@ -29,7 +29,7 @@ while (list($indx, $carr) = each($comments)) { ?>
 
 
  10 && !isset($_GET['comments'])) {
echo '';
echo ''. __('Show all %s comments', $count) . '';
-- 
1.7.3.2



[aur-dev] [PATCH 2/2] Allow canonical links to accounts (fixes FS#21600, FS#9582).

2010-11-06 Thread Lukas Fleischer
---
 web/html/account.php |   15 +++
 1 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/web/html/account.php b/web/html/account.php
index e8a3218..bf84989 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -69,10 +69,17 @@ if (isset($_COOKIE["AURSID"])) {
} elseif ($_REQUEST["Action"] == "AccountInfo") {
# no editing, just looking up user info
#
-   $q = "SELECT Users.*, AccountTypes.AccountType ";
-   $q.= "FROM Users, AccountTypes ";
-   $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
-   $q.= "AND Users.ID = ".intval($_REQUEST["ID"]);
+   if (isset($_REQUEST["ID"])) {
+   $q = "SELECT Users.*, AccountTypes.AccountType ";
+   $q.= "FROM Users, AccountTypes ";
+   $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
+   $q.= "AND Users.ID = ".intval($_REQUEST["ID"]);
+   } else {
+   $q = "SELECT Users.*, AccountTypes.AccountType ";
+   $q.= "FROM Users, AccountTypes ";
+   $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
+   $q.= "AND Users.Username = 
'".mysql_real_escape_string($_REQUEST["U"]) . "'";
+   }
$result = db_query($q, $dbh);
if (!mysql_num_rows($result)) {
print __("Could not retrieve information for the 
specified user.");
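
Review bot: the else branch reads `$_REQUEST["U"]` without an isset() check, so a request with neither ID nor U runs the query with an empty username. Make it `elseif (isset($_REQUEST["U"]))` and add an error path for the remaining case. The first three lines of the query are identical in both branches and could be built once, with only the final AND clause chosen per branch.
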
-- 
1.7.3.2



Re: [aur-dev] Request to delete package

2010-11-11 Thread Lukas Fleischer
On Thu, Nov 11, 2010 at 05:56:06PM +1000, joker-...@yandex.ru wrote:
> Please, delete "kdeplasma-addons-applets-smooth-tasks"
> http://aur.archlinux.org/packages.php?ID=43404 it's duplicate of
> http://aur.archlinux.org/packages.php?ID=29410 (my mistake)

Done. Please use the correct mailing list (aur-general) next time. This
ML is for AUR development only.


[aur-dev] [PATCH] Do not overwrite package details when adding comments (fixes FS#22075).

2011-01-11 Thread Lukas Fleischer
Ensure that the "$row" variable isn't overwritten in
"web/template/pkg_comment_form.php" during sending mail notifications
when adding a comment.
---
 web/template/pkg_comment_form.php |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/web/template/pkg_comment_form.php 
b/web/template/pkg_comment_form.php
index 70570da..368d49b 100644
--- a/web/template/pkg_comment_form.php
+++ b/web/template/pkg_comment_form.php
@@ -25,7 +25,7 @@ if (isset($_REQUEST['comment'])) {
array_push($bcc, $row['Email']);
}
 
-   $q = 'SELECT Packages.Name ';
+   $q = 'SELECT Packages.* ';
$q.= 'FROM Packages ';
$q.= 'WHERE Packages.ID = ' . intval($_REQUEST['ID']);
$result = db_query($q, $dbh);
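
Review bot: widening the select list to `Packages.*` keeps the reuse of $row that the commit message describes and only makes the overwriting value a superset of what the template needs. Fetching this result into a separately named variable would let the query stay at `Packages.Name` and would not depend on later template code finding every column it expects in $row.
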
-- 
1.7.3.5



Re: [aur-dev] [PATCH] Make external links in comments clickable (FS#20137).

2011-01-25 Thread Lukas Fleischer
On Sun, Oct 03, 2010 at 09:51:45PM +0200, Lukas Fleischer wrote:
> Comments are now split at link boundaries and links are converted
> separately. I find this to be a much cleaner way than re-converting
> comments that have already been converted using htmlspecialchars(). This
> also doesn't require any callback procedure.
> 
> ---
>  web/lib/aur.inc   |   24 
>  web/template/pkg_comments.php |2 +-
>  2 files changed, 25 insertions(+), 1 deletions(-)

Pushed this.


Re: [aur-dev] [PATCH] Do not overwrite package details when adding comments (fixes FS#22075).

2011-01-25 Thread Lukas Fleischer
On Tue, Jan 11, 2011 at 10:38:24AM +0100, Lukas Fleischer wrote:
> Ensure that the "$row" variable isn't overwritten in
> "web/template/pkg_comment_form.php" during sending mail notifications
> when adding a comment.
> ---
>  web/template/pkg_comment_form.php |2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)

Pushed this.


Re: [aur-dev] [PATCH] Drop PackageLocations table and references

2011-01-30 Thread Lukas Fleischer
On Sat, Jan 29, 2011 at 04:20:06PM -0600, Dan McGee wrote:
> We don't need this anymore since all packages managed here are
> well...managed here. Rip out all of the places we were using this field,
> many of which depended on the magic value '2' anyway.
> 
> On the display side of things, we had a column that was always showing
> 'unsupported' that is now gone, and you can no longer sort by this column.

Sounds like a good idea to me. I just applied it to my working tree and
it basically looks fine. As far as I can see by now, you only broke one
SQL query:

> @@ -324,9 +293,8 @@ function package_details($id=0, $SID="") {
>   $atype = account_from_sid($SID);
>   $uid = uid_from_sid($SID);
>  
> - $q = "SELECT Packages.*,Location,Category ";
> - $q.= "FROM Packages,PackageLocations,PackageCategories ";
> - $q.= "WHERE Packages.LocationID = PackageLocations.ID ";
> + $q = "SELECT Packages.*,Category ";
> + $q.= "FROM Packages,PackageCategories ";
>   $q.= "AND Packages.CategoryID = PackageCategories.ID ";

... should be patched to use "WHERE" instead of "AND" of course.

>   $q.= "AND Packages.ID = " . intval($id);
>   $dbh = db_connect();

Apart from this, I have no objections against pushing this. I already
committed that to my working tree. Just let me do some more testing :)


Re: [aur-dev] [PATCH] Drop PackageLocations table and references

2011-02-01 Thread Lukas Fleischer
On Mon, Jan 31, 2011 at 11:18:15AM -0600, Dan McGee wrote:
> We don't need this anymore since all packages managed here are
> well...managed here. Rip out all of the places we were using this field,
> many of which depended on the magic value '2' anyway.
> 
> On the display side of things, we had a column that was always showing
> 'unsupported' that is now gone, and you can no longer sort by this column.
> 
> Signed-off-by: Dan McGee 
> ---
> 
> Totally embarrassing there; this is the correct patch with the necessary
> corrections.

Nothing to be ashamed of :p

Rebased my working tree, looks fine now. Thanks! :)


[aur-dev] Package blacklist for the AUR

2011-02-07 Thread Lukas Fleischer
Hi!

I recently started working on a package blacklist for the official AUR
which can e.g. be used to prevent people from uploading packages in the
official repos to [unsupported] (cf. FS#12902 [1]). Patches can be found
in the "pkg-blacklist" branch of my working tree [2]. They currently
include some code that adds a "PackageBlacklist" table and a hacky
helper utility that can be used to update that table by sync'ing it with
some binary repos.

Constructive criticism and suggestions welcome!

[1] https://bugs.archlinux.org/task/12902
[2] http://git.cryptocrack.de/aur.git/log/?h=pkg-blacklist


Re: [aur-dev] Package blacklist for the AUR

2011-02-07 Thread Lukas Fleischer
On Mon, Feb 07, 2011 at 10:08:54AM -0600, Dan McGee wrote:
> AUR side:
> * Using CHAR as a datatype is absolutely silly in new code, use
> VARCHAR, and why do anything shorter than 255 or 512?
> * On that note, almost all CHAR usages in the current schema are silly
> and should be using VARCHAR- anything on the Packages table,
> PackageCategories, PackageSources, TU_VoteInfo, AccountTypes,
> Username/Email/Passwd/IRCNick on Users.

I just copied that from another table schema, but you're absolutely
right. I'll work on replacing all that CHAR stuff with VARCHARs later.
Might become a kinda ugly updating process from 1.7.0 to 1.8.0 :)

> * Why not just make "Name" your primary key? The ID column is never used.

I'm not really sure about this. Some people insist on always having an
"ID" column. This will become useful if we add some web frontend to the
blacklist, e.g. Not sure if there are any coding guidelines about this
at all, but it's correct that we don't necessarily need this here.

> Blacklist helper side:
> * I won't lie, I think this is over-engineered a tad. This can be done
> in a much shorter and easier to hack shell script since all you need
> is package names- just pipe bsdtar output through some magic and you
> have package names. I've attached a sample starter script I use for
> archweb updates. I'd probably have it call bsdtar and then who knows
> what.

Our consensus was not to fetch tarballs via HTTP and extract them here,
but use libalpm instead. We already discussed using a small PHP script
that uses Archive::Tar (PEAR) but discarded that. Using libalpm, future
database format changes won't affect us and it just seems cleaner.

Of course, we could do that with some shell script which would have to
do the following things tho:

- parse the AUR "config.inc" file: read MySQL host name, socket, user
  name, password
- use pacman(8) to sync local databases
- convert packages to MySQL queries using some sed(1)/awk(1) magic
- pipe stuff to mysql(1), ensure no errors occurred

I just think that it wouldn't be much shorter (that C helper has about
100 SLOC if you strip all that error handling stuff), nor cleaner, nor
faster. Best thing would be to have PHP bindings for libalpm here... Well.
Recommendations and patches welcome :p

> * Oh my, I forgot we are still on MyISAM for the AUR. Please to god
> switch to InnoDB and use transactions instead.

Full ack. I'll talk to Loui about that.


Re: [aur-dev] Package blacklist for the AUR

2011-02-07 Thread Lukas Fleischer
On Mon, Feb 07, 2011 at 06:50:14PM +0100, Lukas Fleischer wrote:
> > Blacklist helper side:
> > * I won't lie, I think this is over-engineered a tad. This can be done
> > in a much shorter and easier to hack shell script since all you need
> > is package names- just pipe bsdtar output through some magic and you
> > have package names. I've attached a sample starter script I use for
> > archweb updates. I'd probably have it call bsdtar and then who knows
> > what.
> 
> Our consensus was not to fetch tarballs via HTTP and extract them here,
> but use libalpm instead. We already discussed using a small PHP script
> that uses Archive::Tar (PEAR) but discarded that. Using libalpm, future
> database format changes won't affect us and it just seems cleaner.
> 
> Of course, we could do that with some shell script which would have to
> do the following things tho:
> 
> - parse the AUR "config.inc" file: read MySQL host name, socket, user
>   name, password
> - use pacman(8) to sync local databases
> - convert packages to MySQL queries using some sed(1)/awk(1) magic
> - pipe stuff to mysql(1), ensure no errors occurred
> 
> I just think that it wouldn't be much shorter (that C helper has about
> 100 SLOC if you strip all that error handling stuff), nor cleaner, nor
> faster. Best thing would be to have PHP bindings for libalpm here... Well.
> Recommendations and patches welcome :p

Oh, and I'll probably make this script add package names listed in
packages' "provides" arrays to the blacklist as well (thanks to Justin
Davis, just read his reply).


Re: [aur-dev] Package blacklist for the AUR

2011-02-08 Thread Lukas Fleischer
On Mon, Feb 07, 2011 at 10:18:16AM -0500, Justin Davis wrote:
> All around pretty awesome. I wouldn't have written it in C myself but
> more power to you! What about provides lists from packages as well?
> Can you add those to the blacklist? I think you (or someone) should
> but maybe I am wrong.

Adding packages' provides and replaces as well now.


[aur-dev] [PATCH] Use VARCHAR instead of CHAR where appropriate.

2011-02-08 Thread Lukas Fleischer
Signed-off-by: Lukas Fleischer 
---
 UPGRADING |   16 
 support/schema/aur-schema.sql |   28 ++--
 2 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/UPGRADING b/UPGRADING
index c067af5..661a6c3 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -11,6 +11,22 @@ ALTER TABLE Packages ADD OutOfDateTS BIGINT UNSIGNED NULL 
DEFAULT NULL;
 UPDATE Packages SET OutOfDateTS = UNIX_TIMESTAMP() WHERE OutOfDate = 1;
 ALTER TABLE Packages DROP OutOfDate, DROP FSPath, DROP URLPath, DROP 
LocationID;
 DROP TABLE PackageLocations, PackageContents;
+ALTER TABLE AccountTypes MODIFY AccountType VARCHAR(32) NOT NULL DEFAULT '';
+ALTER TABLE Users MODIFY Username VARCHAR(32) NOT NULL,
+   MODIFY Email VARCHAR(64) NOT NULL,
+   MODIFY RealName VARCHAR(64) NOT NULL DEFAULT '',
+   MODIFY LangPreference VARCHAR(5) NOT NULL DEFAULT 'en',
+   MODIFY IRCNick VARCHAR(32) NOT NULL DEFAULT '';
+ALTER TABLE PackageCategories MODIFY Category VARCHAR(32) NOT NULL;
+ALTER TABLE Packages MODIFY Name VARCHAR(64) NOT NULL,
+   MODIFY Version VARCHAR(32) NOT NULL DEFAULT '',
+   MODIFY Description VARCHAR(255) NOT NULL DEFAULT "An Arch Package",
+   MODIFY URL VARCHAR(255) NOT NULL DEFAULT "http://www.archlinux.org";,
+   MODIFY License VARCHAR(40) NOT NULL DEFAULT '';
+ALTER TABLE PackageSources
+   MODIFY Source VARCHAR(255) NOT NULL DEFAULT "/dev/null";
+ALTER TABLE TU_VoteInfo
+   MODIFY User VARCHAR(32) collate latin1_general_ci NOT NULL;
 
 
 2. You will need to update all packages which are stored in the incoming dir as
diff --git a/support/schema/aur-schema.sql b/support/schema/aur-schema.sql
index cb5ea42..cddf00e 100644
--- a/support/schema/aur-schema.sql
+++ b/support/schema/aur-schema.sql
@@ -9,7 +9,7 @@ USE AUR;
 --
 CREATE TABLE AccountTypes (
ID TINYINT UNSIGNED NOT NULL AUTO_INCREMENT,
-   AccountType char(32) NOT NULL DEFAULT '',
+   AccountType VARCHAR(32) NOT NULL DEFAULT '',
PRIMARY KEY (ID)
 );
 INSERT INTO AccountTypes (ID, AccountType) VALUES (1, 'User');
@@ -23,14 +23,14 @@ CREATE TABLE Users (
ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
AccountTypeID TINYINT UNSIGNED NOT NULL DEFAULT 1,
Suspended TINYINT UNSIGNED NOT NULL DEFAULT 0,
-   Username CHAR(32) NOT NULL,
-   Email CHAR(64) NOT NULL,
+   Username VARCHAR(32) NOT NULL,
+   Email VARCHAR(64) NOT NULL,
Passwd CHAR(32) NOT NULL,
Salt CHAR(32) NOT NULL DEFAULT '',
ResetKey CHAR(32) NOT NULL DEFAULT '',
-   RealName CHAR(64) NOT NULL DEFAULT '',
-   LangPreference CHAR(5) NOT NULL DEFAULT 'en',
-   IRCNick CHAR(32) NOT NULL DEFAULT '',
+   RealName VARCHAR(64) NOT NULL DEFAULT '',
+   LangPreference VARCHAR(5) NOT NULL DEFAULT 'en',
+   IRCNick VARCHAR(32) NOT NULL DEFAULT '',
LastVoted BIGINT UNSIGNED NOT NULL DEFAULT 0,
NewPkgNotify TINYINT UNSIGNED NOT NULL DEFAULT 0,
PRIMARY KEY (ID),
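
Review bot: Passwd, Salt and ResetKey stay CHAR(32) in this hunk while the neighbouring columns move to VARCHAR. That is reasonable for fixed-length values, but the commit message only says "where appropriate"; one sentence on why these three are excluded would help. Worth keeping in mind that CHAR(32) on Passwd fixes the stored hash at 32 characters, so a later change of hash format needs a schema change as well.
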
@@ -66,7 +66,7 @@ CREATE TABLE Sessions (
 --
 CREATE TABLE PackageCategories (
ID TINYINT UNSIGNED NOT NULL AUTO_INCREMENT,
-   Category CHAR(32) NOT NULL,
+   Category VARCHAR(32) NOT NULL,
PRIMARY KEY (ID)
 );
 INSERT INTO PackageCategories (Category) VALUES ('none');
@@ -93,13 +93,13 @@ INSERT INTO PackageCategories (Category) VALUES ('xfce');
 --
 CREATE TABLE Packages (
ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
-   Name CHAR(64) NOT NULL,
-   Version CHAR(32) NOT NULL DEFAULT '',
+   Name VARCHAR(64) NOT NULL,
+   Version VARCHAR(32) NOT NULL DEFAULT '',
CategoryID TINYINT UNSIGNED NOT NULL DEFAULT 1,
-   Description CHAR(255) NOT NULL DEFAULT "An Arch Package",
-   URL CHAR(255) NOT NULL DEFAULT "http://www.archlinux.org";,
+   Description VARCHAR(255) NOT NULL DEFAULT "An Arch Package",
+   URL VARCHAR(255) NOT NULL DEFAULT "http://www.archlinux.org";,
DummyPkg TINYINT UNSIGNED NOT NULL DEFAULT 0, -- 1=>dummy
-   License CHAR(40) NOT NULL DEFAULT '',
+   License VARCHAR(40) NOT NULL DEFAULT '',
NumVotes INTEGER UNSIGNED NOT NULL DEFAULT 0,
OutOfDateTS BIGINT UNSIGNED NULL DEFAULT NULL,
SubmittedTS BIGINT UNSIGNED NOT NULL,
@@ -134,7 +134,7 @@ CREATE TABLE PackageDepends (
 --
 CREATE TABLE PackageSources (
PackageID INTEGER UNSIGNED NOT NULL,
-   Source CHAR(255) NOT NULL DEFAULT "/dev/null",
+   Source VARCHAR(255) NOT NULL DEFAULT "/dev/null",
INDEX (PackageID)
 );
 
@@ -183,7 +183,7 @@ CREATE UNIQUE INDEX NotifyUserIDPkgID ON CommentNotify 
(UserID, PkgID);
 CREA

Re: [aur-dev] Old, unapplied patches

2011-02-08 Thread Lukas Fleischer
On Tue, Feb 08, 2011 at 07:42:17PM +0100, PyroPeter wrote:
> >Among them are:
> >* The right-to-left fixes for the Hebrew translation

I will have a look at that.

> >* Making links in comments clickable

That's not true, I already pushed this [1].

> >* Deletion through the web interface

What exactly do you mean by this?

> It's a pity nobody even bothers to reply to this topic.
> Obviously there is no point in contributing to the AUR if the
> contribution is just ignored.

Sorry for the late reply, I must have skipped this thread somehow.

[1]
http://projects.archlinux.org/aur.git/commit/?id=60edcd04e52323050792252009512f7592f3b66c


Re: [aur-dev] Package blacklist for the AUR

2011-02-08 Thread Lukas Fleischer
On Tue, Feb 08, 2011 at 07:46:27PM -0500, Loui Chang wrote:
> Awesome :D.
> Rather than creating another config file, would it be possible to just
> point to the AUR's config.inc? Maybe a PHP wrapper around aurblup...

It already does. If you have a look at the "config.h.proto" file, the
first define ("AUR_CONFIG") points to the location of the AUR
"config.inc" file. aurblup extracts MySQL access data from there. We
still need that additional config file tho, as it also defines which
paths to use for libalpm DBs, which mirror to sync with and which repos
to sync. Actually, it's not a real config file, as it's a C header file
and will most likely never be changed after an initial setup.

> Also I found a couple typos: something about dwm, and leightweight.

Fixed in my local working tree.

> Thanks Lukas, you're the new hero of the AUR. :D

Haha, thanks :D


Re: [aur-dev] [PATCH] Use VARCHAR instead of CHAR where appropriate.

2011-02-08 Thread Lukas Fleischer
On Tue, Feb 08, 2011 at 09:13:07PM -0600, Dan McGee wrote:
> On Tue, Feb 8, 2011 at 8:31 PM, Loui Chang  wrote:
> > On Tue 08 Feb 2011 10:40 +0100, Lukas Fleischer wrote:
> >> -     LangPreference CHAR(5) NOT NULL DEFAULT 'en',
> >
> > I think LangPreference could probably remain at CHAR, but I am no i18n
> > or DB whiz.
> 
> If it isn't something that must be X characters, it makes more sense
> to use varchar. In this case, we can see that the default is only 2
> chars, so varchar seems appropriate to me.

Ack. Applied this to my working tree.


[aur-dev] [PATCH] Remove fulltext index from "Packages".

2011-02-09 Thread Lukas Fleischer
Drop unused fulltext indexes from "Packages" table (all search routines
use "LIKE" patterns) which prevent the use of InnoDB.

Signed-off-by: Lukas Fleischer 
---
As far as I can see, this is the only thing that prevents us from using
InnoDB as the storage engine for all tables. Correct me if I missed
something.

 UPGRADING |   10 +-
 support/schema/aur-schema.sql |1 -
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/UPGRADING b/UPGRADING
index 661a6c3..c649985 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -29,7 +29,15 @@ ALTER TABLE TU_VoteInfo
MODIFY User VARCHAR(32) collate latin1_general_ci NOT NULL;
 
 
-2. You will need to update all packages which are stored in the incoming dir as
+2. Drop all fulltext indexes from the "Packages" table:
+
+Please do this with care. `ALTER TABLE Packages DROP INDEX Name;` will work in
+most cases but might remove the wrong index if your indexes have been created
+in a non-standard order (e.g. during some update process). You'd better run
+`SHOW INDEX FROM Packages;` before to ensure that your setup doesn't use a
+different naming.
+
+3. You will need to update all packages which are stored in the incoming dir as
 in 1.8.0, source tarballs are no longer extracted automatically and PKGBUILDs
 are from now on located in the same subdirectories as the tarballs themselves.
 The following script will do the conversion automatically when being run inside
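
Review bot: the new step 2 recommends `ALTER TABLE Packages DROP INDEX Name;`, but the table definition also has `UNIQUE (Name)`, so an index called Name may be the unique one rather than the fulltext one. Suggest telling the reader to pick the key whose Index_type is FULLTEXT in the `SHOW INDEX FROM Packages;` output and to put that key name into the DROP INDEX statement, instead of giving a statement that is right only "in most cases".
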
diff --git a/support/schema/aur-schema.sql b/support/schema/aur-schema.sql
index cddf00e..d37e1b2 100644
--- a/support/schema/aur-schema.sql
+++ b/support/schema/aur-schema.sql
@@ -106,7 +106,6 @@ CREATE TABLE Packages (
ModifiedTS BIGINT UNSIGNED NOT NULL,
SubmitterUID INTEGER UNSIGNED NOT NULL DEFAULT 0, -- who submitted 
it?
MaintainerUID INTEGER UNSIGNED NOT NULL DEFAULT 0,-- User
-   FULLTEXT (Name,Description),
PRIMARY KEY (ID),
UNIQUE (Name),
INDEX (CategoryID),
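
Review bot: with `FULLTEXT (Name,Description)` gone, the remaining keys in this CREATE TABLE are still unnamed, so a fresh install and an upgraded one end up with different automatic key names for `UNIQUE (Name)`, which is the same ambiguity the UPGRADING text has to warn about. Giving the keys explicit names here would let later upgrade steps refer to them safely.
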
-- 
1.7.4



Re: [aur-dev] Old, unapplied patches

2011-02-09 Thread Lukas Fleischer
On Mon, Feb 07, 2011 at 02:36:33PM +0100, PyroPeter wrote:
> there is a great backlog of patches that work well, but are not applied.
> 
> Among them are:
> * The right-to-left fixes for the hebrew translation
> * Making links in comments clickable
> * Deletion through the web interface
> 
> It would be great if you could take some time to review and apply them.

Unfortunately, both RTL and "flag for deletion" patch sets no longer
apply, so they need to be rebased against current HEAD. I'll try to
invest some work in that.


Re: [aur-dev] Package blacklist for the AUR

2011-02-10 Thread Lukas Fleischer
On Mon, Feb 07, 2011 at 06:50:14PM +0100, Lukas Fleischer wrote:
> On Mon, Feb 07, 2011 at 10:08:54AM -0600, Dan McGee wrote:
> > AUR side:
> > * Using CHAR as a datatype is absolutely silly in new code, use
> > VARCHAR, and why do anything shorter than 255 or 512?
> > * On that note, almost all CHAR usages in the current schema are silly
> > and should be using VARCHAR- anything on the Packages table,
> > PackageCategories, PackageSources, TU_VoteInfo, AccountTypes,
> > Username/Email/Passwd/IRCNick on Users.
> 
> I just copied that from another table schema, but you're absolutely
> right. I'll work on replacing all that CHAR stuff with VARCHARs later.
> Might become a kinda ugly updating process from 1.7.0 to 1.8.0 :)

Fixed.

> > * Oh my, I forgot we are still on MyISAM for the AUR. Please to god
> > switch to InnoDB and use transactions instead.
> 
> Full ack. I'll talk to Loui about that.

Fixed. Everything should be compatible with InnoDB now (talking about
what's in my working tree - didn't push to gerolde yet). Also, aurblup
uses transactions by default.


Re: [aur-dev] Adding the HE language.

2011-02-12 Thread Lukas Fleischer
Wow, I finally found some time to rebase and review all those patches...

On Tue, Aug 17, 2010 at 04:51:03PM +0200, PyroPeter wrote:
> I am now splitting the commit into smaller ones.
> Attached are the first four patches:
> 0001. 00e497a pkg_search_results: rewrite of page navigation

I have to admit that I don't really like that way of pagination. It just
feels odd and counter-intuitive imho. Right now, we have "First",
"Prev", "Next" and "Last" buttons as well as pages adjacent to the
current one. If you want to find a package that you remember to start
with the letter "r" and to contain the string "and" somewhere in the
package description, typing that into the search criteria and browsing
all results is not the right way to do it. The proper way to allow users
to search for such packages is to provide more powerful search criteria,
which is something we're already working on. Also, if we'd want to
implement something like that, I'd prefer some kind of binary search.
That might, in fact, be interesting :)

Moving parts of the paging stuff to "pkgfuncs.inc" makes sense tho.
I'll probably extract this from the patch.

> 0002. b65a5a3 pkg_search_results: increase size of links in
>   page-navigation

I'm not sure about this. I've never heard any gripes about those links
being too small. Is there any feature request concerning this?

> 0003. df02d42 pkg_search_results: replace blind-table with
>   floating div's

Basically sounds like a good idea. I'll look into that!

> 0004. 76a874a Right-to-left written languages now supported

Basically looks ok, except that you revert some previous bug fixes.
Also, where's that "css/languages.css" that you link to in the new
header template?

Thanks for your contributions!


Re: [aur-dev] Adding the HE language.

2011-02-14 Thread Lukas Fleischer
On Mon, Feb 14, 2011 at 09:58:50PM +0100, PyroPeter wrote:
> I rewrote the pagination a second time, this time without changing the
> behavior. Probably the world isn't ready yet for a commit that
> turns searching into something awesome (tm).
> (Children would have known what "logarithmic scaling" means even before
> doing their first polynomial division!)

Well, I don't get the point of it. The AUR is not a search engine and
that logarithmic scaling feels a bit weird. But that's just an opinion.

> On the search criteria: it would be great to have regexps!
> Mysql even has support for that:
>   SELECT * FROM foo WHERE foo REGEXP '^java';

We decided not to implement this into the AUR backend. Quoting myself:
"The AUR is a simple interface to upload, download and search for
packages and shouldn't be regarded as almighty search engine. Also,
there's no way to implement server-side regex search without any loss of
security." The issue is about backtracking (or similar algorithms)
taking a lot of time for specific expressions. RegEx search could be
used to DoS the AUR easily.

Furthermore, we believe that such functionality should rather be moved
to the client side. We'll support that by providing easier access to
package data (in the form of direct database access, database dumps,
plain text lists of packages or something similar) in the future. Let's
keep the AUR simple and clean, let the AUR helpers do the more complex
stuff.

> >>0002. b65a5a3 pkg_search_results: increase size of links in
> >>   page-navigation
> >
> >I'm not sure about this. I've never heard any gripes about those links
> >being too small. Is there any feature request concerning this?
> 
> No. But this only grows one-digit-links to be of the size of two-digit-
> links, so imo the usability gain outweighs the space consumption.
> I merged this change into the patch mentioned above.

I'll check that as soon as I get round to it.

> >>0003. df02d42 pkg_search_results: replace blind-table with
> >>   floating div's
> >
> >Basically sounds like a good idea. I'll look into that!
> >
> >>0004. 76a874a Right-to-left written languages now supported
> >
> >Basically looks ok, except that you revert some previous bug fixes.
> >Also, where's that "css/languages.css" that you link to in the new
> >header template?
> 
> The last two patches probably need a lot of updating, I will do that
> next. I attached languages.css (forgot to git-add it)

Cool. Thanks!
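
The client-side approach described in this message (regular-expression matching done by an AUR helper over a locally held package list, so a slow expression only costs the user who wrote it), as an added example that is not part of the original thread or the AUR code base. The tab-separated list format, `SAMPLE_LIST`, and the names `parse_list`, `search` and `SearchTimeout` are assumptions made for illustration.

```python
import json
import re
import subprocess
import sys

# Constructed sample of a plain-text package list, one "name<TAB>description"
# per line. The thread does not specify an export format; this is an assumption.
SAMPLE_LIST = (
    "rsync-hpn\tFast incremental file transfer and sync tool\n"
    "ranger-git\tConsole file manager with VI key bindings\n"
    "rtorrent-color\tNcurses BitTorrent client and colour patch\n"
    "android-sdk\tGoogle Android SDK\n"
)

# Worker run in a separate interpreter so the parent can enforce a time budget
# and kill the match if the expression backtracks for too long.
_WORKER = r"""
import json, re, sys
job = json.load(sys.stdin)
name_rx, desc_rx = re.compile(job["name"]), re.compile(job["desc"])
hits = [p for p in job["pkgs"] if name_rx.search(p[0]) and desc_rx.search(p[1])]
json.dump(hits, sys.stdout)
"""


class SearchTimeout(Exception):
    """The expression did not finish within the time budget."""


def parse_list(text):
    """Turn the plain-text list into (name, description) tuples."""
    pkgs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, desc = line.partition("\t")
        pkgs.append((name.strip(), desc.strip()))
    return pkgs


def search(pkgs, name_pattern, desc_pattern="", timeout=5.0):
    """Return packages whose name and description match the two expressions.

    Raises ValueError for a malformed expression and SearchTimeout when the
    match exceeds `timeout` seconds; the worker process is killed in that case.
    """
    for pattern in (name_pattern, desc_pattern):
        try:
            re.compile(pattern)  # syntax check only, no matching happens here
        except re.error as exc:
            raise ValueError(f"invalid expression {pattern!r}: {exc}") from None

    job = json.dumps({"name": name_pattern, "desc": desc_pattern, "pkgs": pkgs})
    try:
        proc = subprocess.run(
            [sys.executable, "-c", _WORKER],
            input=job,
            capture_output=True,
            text=True,
            timeout=timeout,  # subprocess.run kills the child on expiry
            check=True,
        )
    except subprocess.TimeoutExpired:
        raise SearchTimeout(f"search exceeded {timeout} s") from None
    return [tuple(hit) for hit in json.loads(proc.stdout)]


if __name__ == "__main__":
    # Name starts with "r" and the description contains "and".
    for name, desc in search(parse_list(SAMPLE_LIST), "^r", "and"):
        print(name, "-", desc)
```

The time budget is enforced on the user's own machine, so the server never evaluates a user-supplied expression.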


Re: [aur-dev] Adding the HE language.

2011-02-16 Thread Lukas Fleischer
On Mon, Feb 14, 2011 at 09:58:50PM +0100, PyroPeter wrote:
> >From 541c18f86d970051d837e9dd75e1122292d1fd4f Mon Sep 17 00:00:00 2001
> From: PyroPeter 
> Date: Mon, 14 Feb 2011 20:58:42 +0100
> Subject: [PATCH] pkg_search_results: rewrite of pagination
> 
> * Most of the PHP-code was moved to pkgfuncs.php to keep the template simple.
> 
> Signed-off-by: PyroPeter 
> ---
>  web/html/css/arch.css   |   17 +---
>  web/lib/pkgfuncs.inc|   28 +
>  web/template/pkg_search_results.php |   77 ++
>  3 files changed, 53 insertions(+), 69 deletions(-)
> 
> diff --git a/web/html/css/arch.css b/web/html/css/arch.css
> index c3ed3aa..203d9da 100644
> --- a/web/html/css/arch.css
> +++ b/web/html/css/arch.css
> @@ -328,19 +328,24 @@ blockquote.code {
>   text-decoration: none;
>  }
>  
> -#pages { margin: 5px; }
> -#pages .page_num {
> +.pageNav {
> +  margin:5px 0;
> +}
> +.pageNav .page_num {
>   border: 1px solid #ddd;
>   padding: 2px;
>   color: #0771a6;
>  }

Why don't you stick to the coding style and use lowerCamelCase instead
of underscore_separated_class_names? Using non-standard capitalization
doesn't contribute to the consistency of our code base.

> -
> -#pages .page_num:hover {
> +.pageNav * {
> +  display:inline-block;
> +  text-align:center;
> +  min-width:3ex;
> +}
> +.pageNav .page_num:hover {
>   border: 1px solid #8faecd;
>   color: #333;
>  }
> -
> -#pages #page_sel {
> +.pageNav .page_sel {
>   border: 1px solid #8faecd;
>   padding: 2px;
>   color: #333;

Same here. And again, you should have split this patch into two separate
ones. There's no relation between CSS adjustments and the separation of
action and view. Keep your patches small.

> diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
> index 2f69321..0420054 100644
> --- a/web/lib/pkgfuncs.inc
> +++ b/web/lib/pkgfuncs.inc
> @@ -559,6 +559,34 @@ function pkg_search_page($SID="") {
>  
>  
>   if ($total > 1 || $total == 0) {
> + # calculation of pagination links
> + $per_page = ($_GET['PP'] > 0) ? $_GET['PP'] : 25;
> + $current = ceil($first / $per_page);
> + $pages = ceil($total / $per_page);
> + $templ_pages = array();
> +
> + if ($current - 1 > 1)
> + $templ_pages[__('First')] = 0;
> +
> + if ($current > 1)
> + $templ_pages[__('Previous')] = ($current - 2) * 
> $per_page;

I'd just use the same criteria for both "First" and "Previous" buttons.
It might be right that having separate "First" and "Previous" links on
the second page doesn't make a lot of sense but those constantly
appearing and disappearing pagination links in search results are really
confusing when actually browsing stuff imho. I'm open to different
opinions tho.

> +
> + if ($current - 5 > 1)
> + $templ_pages[] = "ellipsis";

I'd prefer something like "$templ_pages['...'] = false;" here so we can
just use "if ($pagestart === false) echo $pagenr;" to display text
without ".page_sel" wrapper spans and don't need to deal with strange
special cases later.

> + for ($i = max($current - 5, 1) ; $i <= min($pages, $current + 
> 5) ; $i++) {

Please don't put spaces before those semicolons.

> + $templ_pages[$i] = ($i - 1) * $per_page;
> + }
> +
> + if ($current + 5 < $pages)
> + $templ_pages[] = "ellipsis";

Same as above.

> +
> + if ($current < $pages)
> + $templ_pages[__('Next')] = $current * $per_page;
> +
> + if ($current + 1 < $pages)
> + $templ_pages[__('Last')] = ($pages - 1) * $per_page;

Same as with "First" and "Previous".

> +
>   include('pkg_search_form.php');
>   include('pkg_search_results.php');
>   }
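
Review bot: `$per_page` is taken straight from `$_GET['PP']` after only a `> 0` comparison, so a missing parameter raises an undefined-index notice and a non-integer string (fractional or with trailing characters) flows into every offset stored in `$templ_pages`. Check it with `isset()`, cast it with `intval()`, and clamp it to a sane maximum before computing `$current` and `$pages`.
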
> diff --git a/web/template/pkg_search_results.php 
> b/web/template/pkg_search_results.php
> index 4830ca8..57d574c 100644
> --- a/web/template/pkg_search_results.php
> +++ b/web/template/pkg_search_results.php
> @@ -113,73 +113,24 @@ for ($i = 0; $row = mysql_fetch_assoc($result); $i++) {
>   
>  
>   
> - 
> -  $total) ?>
> - 
> [...]
> - '>
> - 
> -
> + 

Where did you define ".pageStats"? You should use underscores as word
separators here as well.

> +  $first, $last, $total) ?>
> + 
> + 

Use underscores, see above.

> +  
> $pagestart) { ?>
> +  ?>
> + ...

As mentioned above, I'd just use "if ($pagestart === false) echo
$pagenr;" here and set page number offsets in "$templ_pages" to "false"
if an entry doesn't link to a speci

Re: [aur-dev] Adding the HE language.

2011-02-16 Thread Lukas Fleischer
On Tue, Feb 15, 2011 at 08:16:16PM +0100, PyroPeter wrote:
> >From 65d170d638cc46f8552ba2aa6876efabeeec6397 Mon Sep 17 00:00:00 2001
> From: PyroPeter 
> Date: Tue, 15 Feb 2011 20:04:23 +0100
> Subject: [PATCH 2/2] pkg_search_results: replace blind-table with floating divs
> 
> * I tried to remove errors in the sgml-structure
>   e.g.: 
>   
> 
>   
> * I did not remove or add code (except the  and  stuff, of course).
>   I only changed the order of the html/php-tags.
> * The bottom and top of the script are now properly indented.
>   I did not indent the middle part (table of search results) because that
>   would render the diff completely useless.
> 
> Signed-off-by: PyroPeter 
> ---
>  web/html/css/arch.css   |   15 +
>  web/html/css/containers.css |2 +-
>  web/template/pkg_search_results.php |  116 
> +--
>  3 files changed, 72 insertions(+), 61 deletions(-)
> 

Could you please use underscore as delimiters instead of camelCase here
as well?


Re: [aur-dev] Adding the HE language.

2011-02-16 Thread Lukas Fleischer
On Tue, Feb 15, 2011 at 09:46:36PM +0100, PyroPeter wrote:
> On 02/15/2011 09:45 PM, PyroPeter wrote:
> >On 02/12/2011 01:34 PM, Lukas Fleischer wrote:
> >>>0004. 76a874a Right-to-left written languages now supported
> >>
> >>Basically looks ok, except that you revert some previous bug fixes.
> >>Also, where's that "css/languages.css" that you link to in the new
> >>header template?
> >
> >I now updated this, too.
> >What bugfixes did I revert? I hope I did not revert them this time.
> >I merged the content of the former languages.css into arch.css.
> >
> >Regards, PyroPeter
> 
> Forgot to attach the patch. m(
> 
> -- 
> freenode/pyropeter ETAOIN SHRDLU

> >From 38e43b5e69ec2d8e15c0ef054ad09aa7f813940a Mon Sep 17 00:00:00 2001
> From: PyroPeter 
> Date: Tue, 15 Feb 2011 21:32:52 +0100
> Subject: [PATCH 3/3] Support for languages written right-to-left
> 
> Signed-off-by: PyroPeter 
> ---
>  web/html/css/arch.css   |   51 +-
>  web/html/css/containers.css |9 ---
>  web/template/footer.php |2 +-
>  3 files changed, 46 insertions(+), 16 deletions(-)
> 

Looks fine to me. I'll test that one soon. Thanks!


Re: [aur-dev] Adding the HE language.

2011-02-17 Thread Lukas Fleischer
On Wed, Feb 16, 2011 at 07:51:32PM +0100, PyroPeter wrote:
> I changed the things you mentioned and also removed the CSS adjustments.

Thanks.


Re: [aur-dev] Adding the HE language.

2011-02-18 Thread Lukas Fleischer
On Thu, Feb 17, 2011 at 07:54:36PM +0100, PyroPeter wrote:
> On 02/16/2011 04:07 PM, Lukas Fleischer wrote:
> >Could you please use underscore as delimiters instead of camelCase here
> >as well?
> 
> Done.

Thanks.


Re: [aur-dev] Adding the HE language.

2011-02-18 Thread Lukas Fleischer
On Thu, Feb 17, 2011 at 07:58:13PM +0100, PyroPeter wrote:
> On 02/15/2011 09:45 PM, PyroPeter wrote:
> >I now updated this, too.
> >What bugfixes did I revert? I hope I did not revert them this time.
> >I merged the content of the former languages.css into arch.css.
> >
> >Regards, PyroPeter
> 
> New version with s/camelCase/underscore_delimited/g

Thanks.


[aur-dev] AUR 1.8.0 released

2011-02-20 Thread Lukas Fleischer
1.8.0 is finally out [1]!

Please note that this release removes all the code for automatic tarball
extraction. From now on, only PKGBUILDs and source tarballs will be
accessible via the AUR web interface. 1.8.0 also introduces a package
blacklist and a blacklist helper which can be used to avoid submission
of packages from the official repos to the AUR.

Other changes include:

* Original submitters in package details.
* Variable parser improvements.
* "python2" shebang for all Python scripts.
* "First" and "Last" links in search results.
* Timestamps for out-of-date packages.
* Clickable links in comments.
* Auto redirection from confirmation screens.
* RTL support.
* Updated translations.
* InnoDB compatibility for all tables.
* Database cleanups.
* Fixes for some XSS vulnerabilities.
* Fixes for all bugs reported on the bug tracker [2] :)

Check the Git log [3] for a complete list.

The official Arch Linux AUR setup [4] will be upgraded soon!

[1] http://projects.archlinux.org/aur.git/commit/?id=a7742012
[2] https://bugs.archlinux.org/index.php?project=2
[3] http://projects.archlinux.org/aur.git/log/?id=a7742012
[4] https://aur.archlinux.org/


Re: [aur-dev] [PATCH] "logged before" -> "logged in before" in web/lib/pkgfuncs.inc

2011-02-21 Thread Lukas Fleischer
On Mon, Feb 21, 2011 at 05:18:57PM +0100, Wieland Hoffmann wrote:
> This fixes a small message telling people they had to be logged to edit
> package information into telling them they need to be logged _in_.
> 
> ---
>  web/lib/pkgfuncs.inc |4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 

> diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
> index f5591f3..fd855ac 100644
> --- a/web/lib/pkgfuncs.inc
> +++ b/web/lib/pkgfuncs.inc
> @@ -994,7 +994,7 @@ function pkg_notify ($atype, $ids, $action = True) {
>   */
>  function pkg_delete_comment($atype) {
>   if (!$atype) {
> - return __("You must be logged before you can edit package 
> information.");
> + return __("You must be logged in before you can edit package 
> information.");
>   }
>  
>   # Get ID of comment to be removed
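
Review bot: the changed string in `pkg_delete_comment()` is the argument to `__()`, so if the language files use the English text as the lookup key, the existing entries for the old wording will stop matching and the message falls back to English. Update the matching keys in the translation files in the same patch.
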
> @@ -1026,7 +1026,7 @@ function pkg_delete_comment($atype) {
>   */
>  function pkg_change_category($atype) {
>   if (!$atype)  {
> - return __("You must be logged before you can edit package 
> information.");
> + return __("You must be logged in before you can edit package 
> information.");
>   }
>  
>   # Get ID of the new category

Thanks.


Re: [aur-dev] [PATCH] Update the german translation

2011-02-21 Thread Lukas Fleischer
On Mon, Feb 21, 2011 at 05:46:29PM +0100, Wieland Hoffmann wrote:
> The subject should be self-explanatory.
> 
> Wieland

Why did you skip some of the entries? Like "Proposal cannot be empty.",
"Add Proposal" and "Proposal Details"?


Re: [aur-dev] [PATCH] Update the german translation

2011-02-23 Thread Lukas Fleischer
On Wed, Feb 23, 2011 at 02:48:06PM +, Viktor Leonhardt wrote:
> Am 21.02.2011 16:46, schrieb Wieland Hoffmann:
> >The subject should be self-explanatory.
> >
> >Wieland
> Hi,
> will this Patch be pushed? If not, I use this patch as a base and
> add some things or remove the empty-ones.

This is on my TODO list, but there's more important stuff on there. I'll
probably add the missing entries myself as I'm a native German speaker.
But thanks a lot!


Re: [aur-dev] Russian comments are '???'

2011-02-25 Thread Lukas Fleischer
On Fri, Feb 25, 2011 at 01:34:12PM +1000, Joker-jar wrote:
> Hi. Russian comments are like '???' now in the aur. Look:
> http://aur.archlinux.org/packages.php?ID=40365 I think, problem in database
> encoding

Thanks, I'll look into that. Maybe you'd better create a bug report in
the bug tracker, here.

Anyways... Please write in English, only. AUR comments are public and
should be readable and comprehensible for everyone.


Re: [aur-dev] [PATCH] Specify utf8 in database schema.

2011-02-28 Thread Lukas Fleischer
On Sun, Feb 27, 2011 at 08:38:45PM -0500, Loui Chang wrote:
> Signed-off-by: Loui Chang 
> ---
>  support/schema/aur-schema.sql |8 
>  1 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/support/schema/aur-schema.sql b/support/schema/aur-schema.sql
> index b713fc8..1649055 100644
> --- a/support/schema/aur-schema.sql
> +++ b/support/schema/aur-schema.sql
> @@ -2,7 +2,7 @@
>  -- is also included such as AccountTypes, etc.
>  --
>  DROP DATABASE AUR;
> -CREATE DATABASE AUR;
> +CREATE DATABASE AUR DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
>  USE AUR;
>  
>  -- Define the Account Types for the AUR.
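
Review bot: the new `CREATE DATABASE AUR DEFAULT CHARACTER SET utf8 ...` line only takes effect on a fresh install, and the diffstat shows no UPGRADING change, so existing setups keep their old database and table character sets. Add an upgrade step that converts the existing database and tables (ALTER DATABASE plus ALTER TABLE ... CONVERT TO CHARACTER SET utf8), with a reminder to take a backup first because the conversion rewrites stored text.
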
> @@ -159,7 +159,7 @@ CREATE TABLE PackageComments (
>   ID BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
>   PackageID INTEGER UNSIGNED NOT NULL,
>   UsersID INTEGER UNSIGNED NOT NULL,
> - Comments TEXT NOT NULl DEFAULT '',
> + Comments TEXT NOT NULL DEFAULT '',
>   CommentTS BIGINT UNSIGNED NOT NULL DEFAULT 0,
>   DelUsersID INTEGER UNSIGNED NULL DEFAULT NULL,
>   PRIMARY KEY (ID),
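
Review bot: while fixing the `NULl` typo on the `Comments` line, drop the `DEFAULT ''` as well; the MySQL versions this schema targets do not support default values on TEXT columns, so depending on the SQL mode the clause is either rejected or accepted with a warning and ignored. `Comments TEXT NOT NULL` states what the column will actually do.
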
> @@ -193,8 +193,8 @@ CREATE TABLE PackageBlacklist (
>  --
>  CREATE TABLE IF NOT EXISTS TU_VoteInfo (
>ID int(10) unsigned NOT NULL auto_increment,
> -  Agenda text collate latin1_general_ci NOT NULL,
> -  User VARCHAR(32) collate latin1_general_ci NOT NULL,
> +  Agenda text COLLATE utf8_general_ci NOT NULL,
> +  User VARCHAR(32) COLLATE utf8_general_ci NOT NULL,
>Submitted bigint(20) unsigned NOT NULL,
>End bigint(20) unsigned NOT NULL,
>SubmitterID int(10) unsigned NOT NULL,
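
Review bot: the two `COLLATE utf8_general_ci` clauses on `Agenda` and `User` repeat what the database default from the first hunk already provides, and no other table touched by this patch sets a per-column collation. Dropping the clauses keeps TU_VoteInfo consistent with the rest of the schema and leaves a single place to change the collation later.
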
> -- 
> 1.7.4.1

Thanks. Pushed that.


[aur-dev] AUR 1.8.1 released

2011-03-09 Thread Lukas Fleischer
We've just released 1.8.1 [1]! :)

This one's primarily a bug fix release. It improves blacklist handling
and promotes full InnoDB conversion, including some database schema
cleanups.

IMPORTANT: It also contains a fix for a potential SQL injection
vulnerability - all maintainers of AUR setups are encouraged to upgrade,
soon! Thanks to Dan for pointing this out and for providing patches for
this and a lot more.

Other changes include:

* Per-user session limits (FS#12898, defaulting to 8 sessions per user).
* Searching for non-out-of-date packages (fixes FS#17896).
* Packages with subdirectories are rejected (fixes FS#22995).
* Automatic adoption when updating an orphan package (fixes FS#22992).
* ZIP bomb protection (fixes FS#22991).

Check the Git log [2] for a complete list.

The official Arch Linux AUR setup [3] will be upgraded soon!

[1] http://projects.archlinux.org/aur.git/commit/?id=29b2f3b3
[2] http://projects.archlinux.org/aur.git/log/?id=29b2f3b3
[3] https://aur.archlinux.org/


Re: [aur-dev] A few more patches

2011-03-10 Thread Lukas Fleischer
On Thu, Mar 10, 2011 at 09:18:50AM -0600, Dan McGee wrote:
> Mostly to Lukas, but posting it here- I have a few more patches on my
> working branch you might be interested in:
> http://code.toofishes.net/cgit/dan/aur.git/log/?h=working
> 
> * Perform a second query to find total search count
> * Split package search query into parts
> * More PHP Notice undefined fixups

Thanks, pushed.


[aur-dev] [PATCH] Notify package maintainers about deleted dependencies (FS#10372).

2011-03-11 Thread Lukas Fleischer
Signed-off-by: Lukas Fleischer 
---
While upgrading our database to InnoDB, I noticed that there are missing
dependencies in the package details view for some packages. This happens
when some dependency of a package gets deleted as we recently added an
"ON DELETE CASCADE" foreign key on package IDs to the "PackageDepends"
table (the problem already existed before, tho). While thinking about a
proper fix, it reminded me of FS#10372 which is related and would seem
to me to be kinda useful.

Reviews and comments welcome!

 web/lib/pkgfuncs.inc |   29 +
 1 files changed, 29 insertions(+), 0 deletions(-)

diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index d5e0771..bfa3e1f 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -709,6 +709,35 @@ function pkg_delete ($atype, $ids) {
}
 
$dbh = db_connect();
+
+   # Notify of deleted dependencies.
+   $f_name = username_from_sid($_COOKIE['AURSID']);
+   $f_uid = uid_from_sid($_COOKIE['AURSID']);
+   $q = "SELECT Users.Email, DepPkgs.ID, DepPkgs.Name, ";
+   $q .= "GROUP_CONCAT(Packages.Name SEPARATOR ', ') AS DepList ";
+   $q .= "FROM Packages ";
+   $q .= "LEFT JOIN PackageDepends ON PackageDepends.DepPkgId = 
Packages.ID ";
+   $q .= "LEFT JOIN Packages DepPkgs ON DepPkgs.ID = 
PackageDepends.PackageID ";
+   $q .= "LEFT JOIN Users ON Users.ID = DepPkgs.MaintainerUID ";
+   $q .= "WHERE Packages.ID IN (" . implode(",", $ids) . ") ";
+   $q .= "GROUP BY DepPkgs.ID;";
+   $result = db_query($q, $dbh);
+   if (mysql_num_rows($result)) {
+   while ($row = mysql_fetch_assoc($result)) {
+   # construct email
+   $body = "The following dependencies of your package " . 
$row['Name'] . " [1] ";
+   $body .= "have been removed by " . $f_name . " [1]: " . 
$row['DepList'] . ".\n\n";
+   $body .= "Please check if the \"depends\" array of your 
PKGBUILD needs to be updated ";
+   $body .= "(shouldn't be necessary if a package was 
moved to the official repos) ";
+   $body .= "and re-upload your package.\n\n";
+   $body .= "[1] 
http://aur.archlinux.org/packages.php?ID="; . $row['ID'] . "\n";
+   $body .= "[2] 
http://aur.archlinux.org/account.php?Action=AccountInfo&ID="; . $f_uid;
+   $body = wordwrap($body, 70);
+   $headers = "Reply-to: 
nob...@archlinux.org\nFrom:aur-not...@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: 
Produced By AUR\n";
+   @mail($row['Email'], "AUR Dependency Removal 
Notification for " . $row['Name'], $body, $headers);
+   }
+   }
+
$q = "DELETE FROM Packages WHERE ID IN (" . implode(",", $ids) . ")";
$result = db_query($q, $dbh);
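
Review bot: the three LEFT JOINs in the new SELECT return a row even when a deleted package has no dependants or the dependant has no maintainer, so `$row['Email']` and `$row['Name']` can be NULL and `mail()` is still called; use inner joins or skip rows with an empty Email. The body also tags `$f_name` with `[1]` although the account link is footnote `[2]`, and `@mail` hides delivery failures. Because the query interpolates `implode(",", $ids)` the same way the DELETE below does, it relies on `$ids` having been reduced to integers before this point; casting each element here would make that explicit.
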
 
-- 
1.7.4.1



Re: [aur-dev] [PATCH] Fix main site package search URL

2011-03-15 Thread Lukas Fleischer
On Tue, Mar 15, 2011 at 09:24:56AM -0500, Dan McGee wrote:
> I've been wanting to kill this one for a long time.
> 
> Signed-off-by: Dan McGee 
> ---
>  web/template/pkg_details.php |4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
> index eac7b69..1a1e611 100644

> +++ b/web/template/pkg_details.php
> @@ -118,7 +118,7 @@ $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : 
> gmdate("r", intval($row[
>   # $darr[3] is the DepCondition
>   echo "  href='packages.php?ID=".$darr[0]."'>".$darr[1].$darr[3]."";
>   } else {
> - echo "  href='http://www.archlinux.org/packages/search/?q=".$darr[1].";'>".$darr[1].$darr[3]."";
> + echo "  href='http://www.archlinux.org/packages/?q=".$darr[1].";'>".$darr[1].$darr[3]."";
>   }
>   }
>  
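
Review bot: in the changed `echo` line, `$darr[1]` is concatenated into both the `?q=` value of the link and the link text without any visible encoding. Pass it through `urlencode()` for the query string and `htmlspecialchars()` for the text (likewise `$darr[3]`), unless that already happens where `$darr` is filled.
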
> @@ -135,7 +135,7 @@ $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : 
> gmdate("r", intval($row[
>   if ($darr[2] == 0) {
>   echo "  href='packages.php?ID=".$darr[0]."'>".$darr[1]."";
>   } else {
> - print " href='http://www.archlinux.org/packages/search/?q=".$darr[1].";'>".$darr[1]."";
> + print " href='http://www.archlinux.org/packages/?q=".$darr[1].";'>".$darr[1]."";
>   }
>   }
>  
> -- 
> 1.7.4.1

Pushed, thanks!


Re: [aur-dev] [PATCH] Bump up default per-page value to 50

2011-03-24 Thread Lukas Fleischer
On Tue, Mar 22, 2011 at 10:03:56PM -0500, Dan McGee wrote:
> 25 is woefully small for the number of packages many searches can
> return, and with 28000+ packages in AUR, it makes sense to show a lot
> more per page by default.
> 
> The new choices of (50, 100, 250) happen to match those from the main
> site.
> 
> Signed-off-by: Dan McGee 
> ---
> 
> Whoops- sent an old version of the patch without the bump from 100 to 250 on
> the upper limit.
> 
>  web/lib/pkgfuncs.inc |   12 ++--
>  web/template/pkg_search_form.php |2 +-
>  2 files changed, 7 insertions(+), 7 deletions(-)

Sounds reasonable. Applied, thanks!


Re: [aur-dev] [PATCH 3/5] Remove Dummy Package concept

2011-04-04 Thread Lukas Fleischer
On Wed, Mar 30, 2011 at 08:48:09PM -0500, Dan McGee wrote:
> Instead, we just store dependencies directly in the PackageDepends
> table. Since we don't use this info anywhere besides the package details
> page, there is little value in precalculating what is in the AUR vs.
> what is not.
> 
> An upgrade path is provided via several SQL statements in the UPGRADING
> document. There should be no user-visible change from this, but the DB
> schema gets a bit more sane and we no longer have loads of junk packages
> in our tables that are never shown to the end user. This should also
> help the MySQL query planner in several cases as we no longer have to be
> careful to exclude dummy packages on every query.
> 
> Signed-off-by: Dan McGee 
> ---
>  UPGRADING |   12 
>  support/schema/aur-schema.sql |5 +--
>  support/scripts/newpackage-notify |2 +-
>  web/html/pkgsubmit.php|   17 ++
>  web/html/rss.php  |1 -
>  web/lib/aur.inc   |3 +-
>  web/lib/aurjson.class.php |4 +-
>  web/lib/pkgfuncs.inc  |   56 +++-
>  web/lib/stats.inc |4 +-
>  web/template/pkg_details.php  |   21 -
>  10 files changed, 41 insertions(+), 84 deletions(-)

Just a short feedback: Those patches have already been in my working
tree for a few days now. I will double-check if there are no side
effects - especially with the dummy package removal - before merging and
pushing tho (just to be sure there's no unexpected breakage, e.g. this
one will remove all dummy package pages, like [1] - tho they're broken
anyways and have probably never been used by anyone).

[1] https://aur.archlinux.org/packages.php?ID=42


Re: [aur-dev] Some optimization patches

2011-04-04 Thread Lukas Fleischer
On Sun, Apr 03, 2011 at 08:41:27PM -0700, elij wrote:
> Here are some patches that optimize a few things:
> 
> - combine css for faster delivery (fewer tcp connections)
> - minimize css (faster delivery, bandwidth reduction)
>   note: originals are retained for later editing and re-minimization
> - optimize png file
> - specific image dimensions in a few places where they were missing
> - move ie specific style (archnav bg image) to a separate stylesheet
>   and include conditionally

Seems like you forgot to submit a whole bunch of patches... I only got
the PNG file optimization and the image dimension patches so far.

Imho, we should also be careful with optimizing code for the sake of
bandwidth reduction and speed. Most modern browsers have caching enabled
by default, so most of those performance improvements will only come
into operation once. I'll accept any patches as long as they don't have
an impact on maintainability. Things like merging modular files into a
single monster probably do.


Re: [aur-dev] [PATCH 1/3] make gendummydata script more friendly

2011-04-06 Thread Lukas Fleischer
On Tue, Apr 05, 2011 at 11:57:46PM -0700, elij wrote:
> - remove need to use mysql for generating the sql
> - just consider categories an integer range, specified to the size
>   of that in the aur-schema.
> - use the logging module instead of writing directly to stderr
>   this makes the code cleaner as it removes the numerous tests for the value
>   of DBUG, yet allows devs to control the level of output verbosity.
> ---
>  support/schema/gendummydata.py |  106 +--
>  1 files changed, 25 insertions(+), 81 deletions(-)
> 

I agree with both changes, but please split that one into two separate
patches.

> diff --git a/support/schema/gendummydata.py b/support/schema/gendummydata.py
> index 7b1d0cf..8ed9f69 100755
> --- a/support/schema/gendummydata.py
> +++ b/support/schema/gendummydata.py
> @@ -15,9 +15,9 @@ import os
>  import sys
>  import cStringIO
>  import commands
> +import logging
>  
> -
> -DBUG  = 1
> +log_level = logging.DEBUG # logging level. set to logging.INFO to reduce 
> output

I'm not a Python coder, but is there any reason to use lowercase here
whereas we use uppercase for all other constants?

>  SEED_FILE = "/usr/share/dict/words"
>  DB_HOST   = os.getenv("DB_HOST", "localhost")
>  DB_NAME   = os.getenv("DB_NAME", "AUR")
> @@ -33,6 +33,7 @@ PKG_FILES = (8, 30)# min/max number of files in a 
> package
>  PKG_DEPS  = (1, 5) # min/max depends a package has
>  PKG_SRC   = (1, 3) # min/max sources a package has
>  PKG_CMNTS = (1, 5) # min/max number of comments a package has
> +CATEGORIES_COUNT = 17  # the number of categories from aur-schema
>  VOTING= (0, .30)   # percentage range for package voting
>  RANDOM_PATHS = (   # random path locations for package files
>   "/usr/bin", "/usr/lib", "/etc", "/etc/rc.d", "/usr/share", "/lib",
> @@ -45,44 +46,25 @@ RANDOM_URL = ("http://www.";, "ftp://ftp.";, "http://";, 
> "ftp://";)
>  RANDOM_LOCS = ("pub", "release", "files", "downloads", "src")
>  FORTUNE_CMD = "/usr/bin/fortune -l"
>  
> +# setup logging
> +logformat = "%(levelname)s: %(message)s"
> +logging.basicConfig(format=logformat, level=log_level)
> +log = logging.getLogger()
>  
>  if len(sys.argv) != 2:
> - sys.stderr.write("Missing output filename argument");
> + log.error("Missing output filename argument")
>   raise SystemExit
>  
>  # make sure the seed file exists
>  #
>  if not os.path.exists(SEED_FILE):
> - sys.stderr.write("Please install the 'words' Arch package\n");
> - raise SystemExit
> -
> -# Make sure database access will be available
> -#
> -try:
> - import MySQLdb
> -except:
> - sys.stderr.write("Please install the 'mysql-python' Arch package\n");
> - raise SystemExit
> -
> -# try to connect to database
> -#
> -try:
> - db = MySQLdb.connect(host = DB_HOST, user = DB_USER,
> - db = DB_NAME, passwd = DB_PASS)
> - dbc = db.cursor()
> -except:
> - sys.stderr.write("Could not connect to database\n");
> + log.error("Please install the 'words' Arch package")
>   raise SystemExit

Shouldn't we rather use "sys.exit(1);" here instead of raising a
SystemExit exception? That way we'd have a proper exit status, also.
Might be something to include in the debugging/error handling patch.

>  
> -esc = db.escape_string
> -
> -
>  # track what users/package names have been used
>  #
>  seen_users = {}
>  seen_pkgs = {}
> -categories = {}
> -category_keys = []
>  user_keys = []
>  
>  # some functions to generate random data
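
Review bot: removing `esc = db.escape_string` together with the MySQLdb import leaves the script with no escaping helper, so every remaining `esc(...)` call site has to change in the same patch, and any free text written into the generated SQL needs another way to handle quotes and backslashes. A small pure-Python replacement bound to the same name `esc` would keep the call sites untouched and drop the dependency. This hunk also mixes the logging conversion with the database removal; two patches would make each easier to review.
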
> @@ -95,14 +77,14 @@ def genVersion():
>   ver.append("%d" % random.randrange(0,100))
>   return ".".join(ver) + "-u%d" % random.randrange(1,11)
>  def genCategory():
> - return categories[category_keys[random.randrange(0,len(category_keys))]]
> + return random.randrange(0,CATEGORIES_COUNT)
>  def genUID():
>   return seen_users[user_keys[random.randrange(0,len(user_keys))]]
>  
>  
>  # load the words, and make sure there are enough words for users/pkgs
>  #
> -if DBUG: print "Grabbing words from seed file..."
> +log.debug("Grabbing words from seed file...")
>  fp = open(SEED_FILE, "r")
>  contents = fp.readlines()
>  fp.close()
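
Review bot: in genCategory(), `random.randrange(0,CATEGORIES_COUNT)` returns 0 through 16, so with CATEGORIES_COUNT = 17 it can emit category 0 and never emits 17. The removed code picked from categories actually loaded from the database, so its IDs always existed; if the categories in aur-schema are numbered from 1, use `random.randrange(1, CATEGORIES_COUNT + 1)` to stay within the valid range.
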
> @@ -117,7 +99,7 @@ else:
>  
>  # select random usernames
>  #
> -if DBUG: print "Generating random user names..."
> +log.debug("Generating random user names...")
>  user_id = USER_ID
>  while len(seen_users) < MAX_USERS:
>   user = random.randrange(0, len(contents))
> @@ -130,7 +112,7 @@ user_keys = seen_users.keys()
>  
>  # select random package names
>  #
> -if DBUG: print "Generating random package names..."
> +log.debug("Generating random package names...")
>  num_pkgs = PKG_ID
>  while len(seen_pkgs) < MAX_PKGS:
>   pkg = random.randrange(0, len(contents))
> @@ -149,22 +131,6 @@ while len(seen_pkgs) < MAX_PKGS:
>  #
>  contents = None
>  
> -# Load package categories from database
> -#
> -if DBUG: print "Loading package categories..."
> -q = "SELECT * FROM Packa

Re: [aur-dev] [PATCH 3/3] convert to spaces

2011-04-06 Thread Lukas Fleischer
On Tue, Apr 05, 2011 at 11:57:48PM -0700, elij wrote:
> reformat with recommendation from pep8 for using spaces
> ---
>  support/schema/gendummydata.py |  256 
> 
>  1 files changed, 128 insertions(+), 128 deletions(-)

Won't push that one, as long as we don't agree on an amendment of our
coding standards. Refer to "HACKING".


Re: [aur-dev] [PATCH 1/1] refer to the wiki for api documentation

2011-04-06 Thread Lukas Fleischer
On Tue, Apr 05, 2011 at 10:03:22AM -0700, elij wrote:
> ---
>  web/html/rpc.php |   20 +---
>  1 files changed, 5 insertions(+), 15 deletions(-)
> 

Basically sounds like a good idea, but we should try to move away from
having stuff strongly linked to the Arch Linux homepage. I know the AUR
even has "Arch Linux" in its project name but there's still a few other
projects hosting customized setups of this software. It might be a good
idea to make all parts that refer to archlinux.org or any of its
subdomains somewhat modular...


Re: [aur-dev] [PATCH 2/7] add minified aur css

2011-04-06 Thread Lukas Fleischer
On Mon, Apr 04, 2011 at 02:44:06PM -0700, elij wrote:
> ---
>  web/html/css/aur.min.css |  148 
> ++
>  1 files changed, 148 insertions(+), 0 deletions(-)
>  create mode 100644 web/html/css/aur.min.css
> 
> diff --git a/web/html/css/aur.min.css b/web/html/css/aur.min.css
> new file mode 100644
> index 000..51380bb
> --- /dev/null
> +++ b/web/html/css/aur.min.css
> @@ -0,0 +1,148 @@
> +span{color:#555;font-family:Bitstream Vera Sans, Lucida Grande, Arial, 
> sans-serif;}
> +span.f1{font-size:20px;letter-spacing:1px;}
> +span.f2{font-size:14px;color:#6c83b0;font-weight:bold;}
> +span.f3{color:#888;font-size:14px;font-weight:bold;padding-right:2px;}
> +span.f4{color:#444;font-size:12px;}
> +span.f5{color:#333;font-size:11px;}
> +span.f6{color:#b06d6e;font-size:14px;font-weight:bold;}
> +span.f7{color:#6db06d;font-size:14px;font-weight:bold;}
> +span.f8{color:#888;font-size:12px;font-weight:bold;}
> +span.fix{color:#000;font-family:monospace, fixed, terminal;font-size:12px;}
> [...]
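
Review bot: aur.min.css is checked in as a new 148-line file and the commit message is empty, so nothing records which tool produced it or from which stylesheet. State the generating command in the commit message, or add a build rule that regenerates the file, so the minified copy cannot silently drift from its source.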

Imho, we should at least add some comments and split stuff into sections
(7 or 8 additional bytes shouldn't make a difference). Otherwise this
becomes confusing...


Re: [aur-dev] [PATCH 5/7] use new css files in header template

2011-04-06 Thread Lukas Fleischer
On Mon, Apr 04, 2011 at 02:44:09PM -0700, elij wrote:
> ---
>  web/template/header.php |9 +
>  1 files changed, 5 insertions(+), 4 deletions(-)
> 

You should split and merge this into the patches addressing the CSS file
merging and the creation of the IE6 stylesheet. Keep changesets atomic.


Re: [aur-dev] [PATCH 6/7] optimize png file

2011-04-06 Thread Lukas Fleischer
On Mon, Apr 04, 2011 at 02:44:10PM -0700, elij wrote:
> - savings of about 1K (22%)
> ---
>  web/html/css/archnavbar/archlogo.png |  Bin 4192 -> 3258 bytes
>  1 files changed, 0 insertions(+), 0 deletions(-)
> 

How did you do this? Please add some note on how to reproduce that
optimization to the commit message.


Re: [aur-dev] [PATCH 2/7] add minified aur css

2011-04-06 Thread Lukas Fleischer
On Wed, Apr 06, 2011 at 02:18:22PM -0500, Dan McGee wrote:
> On Wed, Apr 6, 2011 at 2:15 PM, Lukas Fleischer
>  wrote:
> > On Mon, Apr 04, 2011 at 02:44:06PM -0700, elij wrote:
> >> ---
> >>  web/html/css/aur.min.css |  148 
> >> ++
> >>  1 files changed, 148 insertions(+), 0 deletions(-)
> >>  create mode 100644 web/html/css/aur.min.css
> >>
> >> diff --git a/web/html/css/aur.min.css b/web/html/css/aur.min.css
> >> new file mode 100644
> >> index 000..51380bb
> >> --- /dev/null
> >> +++ b/web/html/css/aur.min.css
> >> @@ -0,0 +1,148 @@
> >> +span{color:#555;font-family:Bitstream Vera Sans, Lucida Grande, Arial, 
> >> sans-serif;}
> >> +span.f1{font-size:20px;letter-spacing:1px;}
> >> +span.f2{font-size:14px;color:#6c83b0;font-weight:bold;}
> >> +span.f3{color:#888;font-size:14px;font-weight:bold;padding-right:2px;}
> >> +span.f4{color:#444;font-size:12px;}
> >> +span.f5{color:#333;font-size:11px;}
> >> +span.f6{color:#b06d6e;font-size:14px;font-weight:bold;}
> >> +span.f7{color:#6db06d;font-size:14px;font-weight:bold;}
> >> +span.f8{color:#888;font-size:12px;font-weight:bold;}
> >> +span.fix{color:#000;font-family:monospace, fixed, 
> >> terminal;font-size:12px;}
> >> [...]
> >
> > Imho, we should at least add some comments and split stuff into sections
> > (7 or 8 additional bytes shouldn't make a difference). Otherwise this
> > becomes confusing...
> 
> I'm not sure I agree with the patchset (this is minimal gain here; our
> CSS is not extensive), but your point is a tad off base. The whole
> point of minified CSS is it is generated and not meant for human
> consumption ever. It should always be generated via some compressor
> program.
> 
> Of course, the commit message should be saying this to ease these
> concerns before they are even raised, not me...

Oh, yeah. I missed the point here and thought this was some reformatting
applied to the main stylesheet. The commit message should definitely
contain some note on how this was achieved.

After all, I don't think I'm gonna push this one anyways. As Dan said,
it's minimal gain and adds extra work to every patch affecting the
stylesheets (or at least before each release, in case we would decide to
re-create minimal stylesheets before releasing).


Re: [aur-dev] [PATCH 1/3] make gendummydata script more friendly

2011-04-06 Thread Lukas Fleischer
On Wed, Apr 06, 2011 at 12:35:32PM -0700, elij wrote:
> On Wed, Apr 6, 2011 at 12:04 PM, Lukas Fleischer
>  wrote:
> >>       num_comments = random.randrange(PKG_CMNTS[0], PKG_CMNTS[1])
> >>       for i in range(0, num_comments):
> >> -             fortune = 
> >> esc(commands.getoutput(FORTUNE_CMD).replace("'",""))
> >> +             fortune = commands.getoutput(FORTUNE_CMD).replace("'","")
> >
> > Why did you drop escape_string() here?
> 
> It relies upon mysql, and since the other instance of mysql usage was
> removed by one of my patches, I removed this as well (to remove the
> dep entirely). For dummy data there really isn't a danger of sql
> injection, and removing ' characters from the fortune_cmd result
> string should be enough to keep from causing the written sql to be
> badly formatted.

The problem is not someone actually trying to exploit this but fortunes
containing single quotes which will lead to broken MySQL queries.
There's two things we can do here:

* Keep the mysql-python dependency just for escape_string().

* Implement escape_string() in Python and use it instead (should be no
  more than 10 lines).
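
The second option above, as an added example (not code from the AUR repository or from anyone in this thread): a pure-Python escape_string() covering the characters MySQL's mysql_escape_string() rewrites, with a small literal parser to check the result on constructed fortunes, including one ending in a backslash that still breaks the statement when only single quotes are stripped. It is written for Python 3, the table name DummyComments is hypothetical, and it assumes the default sql_mode (backslash escapes enabled) and a UTF-8 or Latin-1 charset.

```python
# Added example: pure-Python stand-in for MySQLdb's escape_string(), for
# writing string literals into a generated .sql file.
# Assumptions: NO_BACKSLASH_ESCAPES is off; charset is utf8 or latin1.

# Characters rewritten by mysql_escape_string(), with their escapes.
_ESCAPES = {
    "\0": "\\0",
    "\n": "\\n",
    "\r": "\\r",
    "\\": "\\\\",
    "'": "\\'",
    '"': '\\"',
    "\x1a": "\\Z",
}
# Reverse map keyed by the character that follows the backslash.
_UNESCAPES = {esc[1]: raw for raw, esc in _ESCAPES.items()}

# Constructed sample comments standing in for fortune(6) output.
FORTUNES = [
    "It's not a bug, it's a feature.",
    'He said "ship it" and left.',
    "Path separators differ: / versus \\",
    "line one\nline two",
]


def escape_string(text):
    """Backslash-escape every character that is special inside a quoted
    MySQL string literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in text)


def sql_literal(text):
    """Return text as a complete single-quoted SQL string literal."""
    return "'" + escape_string(text) + "'"


def read_literal(sql, start):
    """Parse the single-quoted literal that begins at sql[start].

    Returns (value, index just past the closing quote) and raises
    ValueError if the literal never terminates. Only the escapes that
    escape_string() emits are decoded; other pairs keep the second char.
    """
    if sql[start] != "'":
        raise ValueError("no opening quote at offset %d" % start)
    out = []
    i = start + 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and i + 1 < len(sql):
            nxt = sql[i + 1]
            out.append(_UNESCAPES.get(nxt, nxt))
            i += 2
        elif ch == "'":
            if sql[i + 1:i + 2] == "'":   # doubled quote means one quote
                out.append("'")
                i += 2
            else:
                return "".join(out), i + 1
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated string literal")


def insert_stmt(comment, escape=True):
    """Build one INSERT for the hypothetical DummyComments table.

    escape=False mimics stripping single quotes only, as in the patch.
    """
    body = escape_string(comment) if escape else comment.replace("'", "")
    return "INSERT INTO DummyComments (Comments) VALUES ('%s');" % body


def literal_survives(stmt):
    """True if the statement's string literal terminates where intended,
    i.e. the text after it is exactly the closing ');'."""
    try:
        _, end = read_literal(stmt, stmt.index("'"))
    except ValueError:
        return False
    return stmt[end:] == ");"


if __name__ == "__main__":
    for fortune in FORTUNES:
        for escape in (False, True):
            stmt = insert_stmt(fortune, escape)
            state = "ok" if literal_survives(stmt) else "BROKEN"
            print("%-6s escape=%-5s %s" % (state, escape, stmt))
```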


Re: [aur-dev] [PATCH] Update the german translation

2011-04-06 Thread Lukas Fleischer
On Mon, Apr 04, 2011 at 05:30:03PM +0200, Wieland Hoffmann wrote:
> Lukas Fleischer wrote:
> > This is on my TODO list, but there's more important stuff on there. I'll
> > probably add the missing entries myself as I'm a native German speaker.
> > But thanks a lot!
> 
> Any chance of this happening soon? The button next to the "actions" list
> is saying "Suche" in the german version of the AUR at the moment, which
> is more than confusing (and that was the reason why I submitted this
> patch in the first place :p).

Added missing strings myself and pushed that one [1].

[1] http://projects.archlinux.org/aur.git/commit/?id=feff71dd


Re: [aur-dev] [PATCH 3/3] convert to spaces

2011-04-06 Thread Lukas Fleischer
On Wed, Apr 06, 2011 at 12:59:10PM -0700, elij wrote:
> On Wed, Apr 6, 2011 at 12:06 PM, Lukas Fleischer
>  wrote:
> > On Tue, Apr 05, 2011 at 11:57:48PM -0700, elij wrote:
> >> reformat with recommendation from pep8 for using spaces
> >> ---
> >>  support/schema/gendummydata.py |  256 
> >> 
> >>  1 files changed, 128 insertions(+), 128 deletions(-)
> >
> > Won't push that one, as long as we don't agree on an amendment of our
> > coding standards. Refer to "HACKING".
> 
> Ah. That is too bad.
> I consider pep8 coding convention to be a 'good smell' when
> contributing to python codebases.
> 
> Based on patch feedback so far, it seems like our standards and
> conventions are too dissimilar to be beneficial.

I didn't say this is a no-go but we need to discuss this one and fix our
coding guidelines if we agree on pushing this changeset. There already
is some inconsistency with aurblup using spaces for indentation so this
certainly is an area we need to work on.

> I will fix up the previous patch-set and resend it, then I will stop
> wasting my time and yours.

Dude, I hope you don't take our feedback personally. I'm just trying to
keep inconsistent and inconvenient stuff out of the code base as it
already is way too patchy. Your patches are highly appreciated and I'll
definitely push some of them if you clean them up.


[aur-dev] Using gettext for translations?

2011-04-06 Thread Lukas Fleischer
Hi,

I thought about this some time ago. The existing i18n files shouldn't be
too hard to convert and we could move translation work to some more
appropriate platform like Transifex which is used by pacman already. PHP
gettext integration doesn't seem to be too bad and our PHP is compiled
with gettext support by default, also.

Any opinions/objections?


Re: [aur-dev] Using gettext for translations?

2011-04-06 Thread Lukas Fleischer
On Wed, Apr 06, 2011 at 10:26:35PM +0200, Lukas Fleischer wrote:
> Hi,
> 
> I thought about this some time ago. The existing i18n files shouldn't be
> too hard to convert and we could move translation work to some more
> appropriate platform like Transifex which is used by pacman already. PHP
> gettext integration doesn't seem to be too bad and our PHP is compiled
> with gettext support by default, also.
> 
> Any opinions/objections?

Pushed a first draft to my "wip" branch. There still is a bunch of hacky
stuff that needs to be reviewed or fixed. This should rather be
considered as some code to play around with.

Patches welcome.


Re: [aur-dev] Using gettext for translations?

2011-04-07 Thread Lukas Fleischer
On Wed, Apr 06, 2011 at 10:07:15PM -0500, Dan McGee wrote:
> On Wed, Apr 6, 2011 at 9:27 PM, Lukas Fleischer
>  wrote:
> > On Wed, Apr 06, 2011 at 10:26:35PM +0200, Lukas Fleischer wrote:
> >> Hi,
> >>
> >> I thought about this some time ago. The existing i18n files shouldn't be
> >> too hard to convert and we could move translation work to some more
> >> appropriate platform like Transifex which is used by pacman already. PHP
> >> gettext integration doesn't seem to be too bad and our PHP is compiled
> >> with gettext support by default, also.
> >>
> >> Any opinions/objections?
> >
> > Pushed a first draft to my "wip" branch. There still is a bunch of hacky
> > stuff that needs to be reviewed or fixed. This should rather be
> > considered as some code to play around with.
> >
> > Patches welcome.
> 
> Hmm. You're missing like the most important part- how are you
> generating the original message catalog? I came up with this, this
> should be the very first patch as "make catalog" or something:
> $ grep -RFl '__(' web/* | xargs xgettext --default-domain=aur -L php
> --keyword=__
> 
> And then naming this file aur.pot

Yes, this was on my TODO. The problem is that __() currently isn't
gettext-compatible (it's gettext() plus htmlspecialchars() plus some
broken sprintf reimplementation and thus expects more than one parameter
in some cases, when there's formatting sequences). I wasn't sure if
xgettext(1) could handle that but it seems it does. Thanks.

> A much better solution is obviously not to grep, but to put the
> filenames in a POTFILES file (pretty standard convention), and then
> using the --files-from flag. You can also use the --directory=web flag
> to not have to duplicate that in every path specified. Read the
> manpage of xgettext for some other things to consider: c-format
> strings, whether to include line number comments (I'd encourage
> against them as it generates a lot of churn in the files hiding the
> actual changes).

Yes, sounds good.

> Next, I'd recommend setting up some makefile shortcuts for running
> msgmerge to update the translation files from the catalog. Then use
> this to make another checkin of the language-specific po files so they
> are in a more "native" format, with the headers and all that.

Was on my TODO as well.

> Patch notes:
> * A capital gettext domain seems silly and out of character; I'd
> really just think about going with "aur".

Ack.

> * Use --check when calling msgfmt.

Ack.


Re: [aur-dev] Using gettext for translations?

2011-04-07 Thread Lukas Fleischer
On Wed, Apr 06, 2011 at 10:07:15PM -0500, Dan McGee wrote:
> On Wed, Apr 6, 2011 at 9:27 PM, Lukas Fleischer
>  wrote:
> > On Wed, Apr 06, 2011 at 10:26:35PM +0200, Lukas Fleischer wrote:
> >> Hi,
> >>
> >> I thought about this some time ago. The existing i18n files shouldn't be
> >> too hard to convert and we could move translation work to some more
> >> appropriate platform like Transifex which is used by pacman already. PHP
> >> gettext integration doesn't seem to be too bad and our PHP is compiled
> >> with gettext support by default, also.
> >>
> >> Any opinions/objections?
> >
> > Pushed a first draft to my "wip" branch. There still is a bunch of hacky
> > stuff that needs to be reviewed or fixed. This should rather be
> > considered as some code to play around with.
> >
> > Patches welcome.
> 
> Hmm. You're missing like the most important part- how are you
> generating the original message catalog? I came up with this, this
> should be the very first patch as "make catalog" or something:
> $ grep -RFl '__(' web/* | xargs xgettext --default-domain=aur -L php
> --keyword=__
> 
> And then naming this file aur.pot

Done. `make update-pot` can be used to (re)build the catalog now.

> A much better solution is obviously not to grep, but to put the
> filenames in a POTFILES file (pretty standard convention), and then
> using the --files-from flag. You can also use the --directory=web flag
> to not have to duplicate that in every path specified. Read the
> manpage of xgettext for some other things to consider: c-format
> strings, whether to include line number comments (I'd encourage
> against them as it generates a lot of churn in the files hiding the
> actual changes).

Yes, did that.

> Next, I'd recommend setting up some makefile shortcuts for running
> msgmerge to update the translation files from the catalog. Then use
> this to make another checkin of the language-specific po files so they
> are in a more "native" format, with the headers and all that.

Done. You can use `make update-po` to update all ".po" files or `make
$foo.po-update` to update a single ".po" file now.

> Patch notes:
> * A capital gettext domain seems silly and out of character; I'd
> really just think about going with "aur".

Done.

> * Use --check when calling msgfmt.

Done.


Re: [aur-dev] Using gettext for translations?

2011-04-07 Thread Lukas Fleischer
On Thu, Apr 07, 2011 at 04:27:23AM +0200, Lukas Fleischer wrote:
> On Wed, Apr 06, 2011 at 10:26:35PM +0200, Lukas Fleischer wrote:
> > Hi,
> > 
> > I thought about this some time ago. The existing i18n files shouldn't be
> > too hard to convert and we could move translation work to some more
> > appropriate platform like Transifex which is used by pacman already. PHP
> > gettext integration doesn't seem to be too bad and our PHP is compiled
> > with gettext support by default, also.
> > 
> > Any opinions/objections?
> 
> Pushed a first draft to my "wip" branch. There still is a bunch of hacky
> stuff that needs to be reviewed or fixed. This should rather be
> considered as some code to play around with.
> 
> Patches welcome.

"TRANSLATING" needs to be updated with some instructions on the new
translation process. Maybe we could add some information on Transifex,
also. I already created a new Transifex project [1] and will move stuff
there after merging stuff into "master".

I will do that later if I get round to it, volunteers welcome!

[1] http://www.transifex.net/projects/p/aur/


Re: [aur-dev] Patch for French translation

2011-04-07 Thread Lukas Fleischer
On Wed, Apr 06, 2011 at 11:03:41PM +0200, Cédric Girard wrote:
> Hi,
> 
> Here is a patch for the French translation.
> 
> What have been done :
>  * Translation of "notify" has been changed to the literal translation
> "notifier" which seems more appropriate (cf. recent thread on AUR-general)
>  * Uniformization of the translation of "flag"
>  * Addition of "TU" besides the translation of Trusted User as user may not
> understand that Trusted User and "Utilisateur de confiance" are the same
> thing
>  * Some capitalization correction (in French you don't put capital letters
> in the middle of a sentence as you do eg for title in English).
>  * "unsupported" translation has been replaced by "unsupported" (with
> quotes) as it makes no sense to translate it
>  * "Safe" translation has been replaced by "sûr" has it seems more
> appropriate than "sain" (sane)
> 
> I think that sum it up.
> 
> I won't try to attach the patch as it seems not working very well ... Here
> is a pastebin link instead:
> http://pastebin.com/Gp8TBz1C

Applied, thanks.

Submitting patches here does work well if you attach them inline or as
gzip'ed attachments. Iirc, we even have some note on that in "HACKING".

[1] http://projects.archlinux.org/aur.git/commit/?id=77149ad0


Re: [aur-dev] some patches to gendummydata (take 3)

2011-04-07 Thread Lukas Fleischer
On Wed, Apr 06, 2011 at 07:27:59PM -0700, elij wrote:
> On Wed, Apr 6, 2011 at 7:23 PM, elij  wrote:
> > Updated with changes Lukas requested.
> >
> > - split logging and mysql removal into separate patches
> > - update logging patch with uppercase variable convention
> > - drop tabs -> spaces patch
> > - clarified commit messages
> 
> hmm. looks like I missed a single line extraction in my rebase -i for
> splitting the mysql and logging patches.
> 
> > +CATEGORIES_COUNT = 17  # the number of categories from aur-schema
> 
> I can fix and resend if desired.

Nah, 's alright. I'll keep that in mind and fix it when applying your
patches.

Apart from that, your patches look fine to me now. I'll push them as
soon as the gettext/Transifex transition is done.


[aur-dev] AUR 1.8.2 released

2011-04-10 Thread Lukas Fleischer
1.8.2 is out [1].

Yet another maintenance release before we dive into 1.9.0.

This time, most of the changes are internal ones. There's still some
changes visible to the end user:

* Translation fixes for German and French.
* Option to search for exact name matches only (FS#23556).
* More stats in the front page table (thanks, Dan!)
* Stricter checks for uploaded source tarballs.
* Bumping up default per-page value to 50 (thanks again, Dan!)
* Fixes for 14 XSS vulnerabilities in total.

Check the Git log [2] for a complete list.

The official Arch Linux AUR setup [3] will be upgraded soon!

[1] http://projects.archlinux.org/aur.git/commit/?id=66882622
[2] http://projects.archlinux.org/aur.git/log/?id=66882622
[3] https://aur.archlinux.org/


[aur-dev] AUR migrating to gettext and Transifex

2011-04-10 Thread Lukas Fleischer
Hi, folks!

I've just merged my gettext wip branch into master and pushed that to
gerolde. From now on, AUR translations will be managed via Transifex
[1]. That removes the need for sending git-formatted patches to aur-dev
and improves collaboration. It'll hopefully also support cross-project
work (pacman has been using Transifex for some time already).

All current translation maintainers are encouraged to sign up for an
account and request the addition of a new language team. You can find
our project page on [2].

Cheers!

[1] http://www.transifex.net/
[2] http://www.transifex.net/projects/p/aur/


Re: [aur-dev] AUR migrating to gettext and Transifex

2011-04-10 Thread Lukas Fleischer
On Sun, Apr 10, 2011 at 05:23:27PM +0100, Peter Lewis wrote:
> On Sun, 10 Apr 2011, Lukas Fleischer wrote:
> > I've just merged my gettext wip branch into master and pushed that to
> > gerolde. From now on, AUR translations will be managed via Transifex
> > [1]. That removes the need for sending git-formatted patches to aur-dev
> > and improves collaboration. It'll hopefully also support cross-project
> > work (pacman has been using Transifex for some time already).
> > 
> > All current translation maintainers are encouraged to sign up for an
> > account and request the addition of a new language team. You can find
> > our project page on [2].
> 
> Can we have a pirate translation? I quite like the idea of downloading 
> PKGBUILDS
> from the AUaaargh.
> 
> :-)

If you happen to spot an appropriate locale, feel free to request a
language team addition on Transifex :)


Re: [aur-dev] [PATCH] Fix performance issues with new PackageDepends lookups

2011-04-12 Thread Lukas Fleischer
On Mon, Apr 11, 2011 at 08:03:43PM -0500, Dan McGee wrote:
> We do a lookup by DepName in the package details view, but I made the
> silly mistake of forgetting this index addition in the upgrade steps.
> 
> Signed-off-by: Dan McGee 
> ---
> 
> Lukas- said missing index was the cause of the increased CPU usage/load on
> sigurd, it appears. I already created this index in production as I was the 
> one
> who forgot it in my last set of patches, whoops!

How serious is this? I didn't check server load recently. If this one
really stresses the server, we should probably put this into another
maintenance release instead of 1.9.0 (although I'm not sure if anyone
will care).


Re: [aur-dev] [PATCH] Fix performance issues with new PackageDepends lookups

2011-04-12 Thread Lukas Fleischer
On Tue, Apr 12, 2011 at 11:23:38AM +0200, Lukas Fleischer wrote:
> On Mon, Apr 11, 2011 at 08:03:43PM -0500, Dan McGee wrote:
> > We do a lookup by DepName in the package details view, but I made the
> > silly mistake of forgetting this index addition in the upgrade steps.
> > 
> > Signed-off-by: Dan McGee 
> > ---
> > 
> > Lukas- said missing index was the cause of the increased CPU usage/load on
> > sigurd, it appears. I already created this index in production as I was the 
> > one
> > who forgot it in my last set of patches, whoops!
> 
> How serious is this? I didn't check server load recently. If this one
> really stresses the server, we should probably put this into another
> maintenance release instead of 1.9.0 (although I'm not sure if anyone
> will care).

Just had a look at the Munin stats for sigurd. Looks like the missing
index makes CPU usage go up by an average of 30% which is quite much...


Re: [aur-dev] some patches to gendummydata (take 3)

2011-04-12 Thread Lukas Fleischer
On Thu, Apr 07, 2011 at 03:21:48PM +0200, Lukas Fleischer wrote:
> On Wed, Apr 06, 2011 at 07:27:59PM -0700, elij wrote:
> > On Wed, Apr 6, 2011 at 7:23 PM, elij  wrote:
> > > Updated with changes Lukas requested.
> > >
> > > - split logging and mysql removal into separate patches
> > > - update logging patch with uppercase variable convention
> > > - drop tabs -> spaces patch
> > > - clarified commit messages
> > 
> > hmm. looks like I missed a single line extraction in my rebase -i for
> > splitting the mysql and logging patches.
> > 
> > > +CATEGORIES_COUNT = 17  # the number of categories from aur-schema
> > 
> > I can fix and resend if desired.
> 
> Nah, 's alright. I'll keep that in mind and fix it when applying your
> patches.
> 
> Apart from that, your patches look fine to me now. I'll push them as
> soon as the gettext/Transifex transition is done.

Pushed, including the "CATEGORIES_COUNT" fix.

I also changed the random number range used in genCategory() in the
MySQL dependency patch to generate 1-based IDs instead of 0-based ones.
Otherwise it would generate wrong IDs and foreign key constraints on the
"CategoryID" column would fail when importing dummy data into the
database.


[aur-dev] AUR new package notification

2011-04-12 Thread Lukas Fleischer
I'm not subscribed to new package notifications but it seems like this
AUR feature has been disabled for a while now. At least, I did neither
find a cronjob running "newpackage-notify" nor the "tupkgs.conf"
configuration file that is required to run this script. Browsing the
aur-dev archives, I also found a mail [1] from 2008 reporting that the
cronjob was obviously disabled.

Do we still need this at all?

Given that there were no complaints for more than two years and that
there's a RSS feed [2] for new packages, I'd say we can drop the
notification script as well as the field on the account page.

Objections?

[1] http://mailman.archlinux.org/pipermail/aur-dev/2008-June/000323.html
[2] https://aur.archlinux.org/rss.php


[aur-dev] Testing patches introducing database layout changes

2011-04-12 Thread Lukas Fleischer
Hi, folks!

Just as a recommendation to (regular) contributors: Any patches changing
the database layout or the way information is stored in the database
should be tested by rebuilding and reloading dummy data into the
database in addition to usual testing before submitting them to aur-dev:


$ cd support/schema/
$ ./gendummydata.py dummy-data.sql && ./reloadtestdb.sh


This way, we can ensure that the patch does neither break the schema
file nor the dummy data generation script. Maybe we could also make
"./gendummydata.py" a bit more modular and run a slimmed down version to
avoid delays here.

I came up with this cause I just pushed two patches fixing regressions
in "aur-schema.sql" and "gendummydata.py" once again. Please don't get
the wrong end of the stick: This is no accusation but a simple
proposition to improve our workflow. Affected patches are broken because
those changes are hard to spot by just skimming through the source code
and because I forgot to do these tests before signing off and pushing.


Re: [aur-dev] [PATCH 4/4] rpc: allow multiple args on info query

2011-04-12 Thread Lukas Fleischer
On Tue, Apr 12, 2011 at 09:05:05AM -0500, Dan McGee wrote:
> On Tue, Apr 12, 2011 at 8:52 AM, Justin Davis  wrote:
> > Tuxce submitted a similar patch awhile back:
> > http://mailman.archlinux.org/pipermail/aur-dev/2010-November/001349.html
> > The patch file isn't on the mailing list but I have it in my inbox still.
> Looks quite similar, although mine is part of a bigger overhaul and
> not a one-off change to just the info method. I didn't even know it
> existed. Lukas, if you end up going with mine it should probably
> reference FS#17583.

Yeah, I knew about FS#17583 and I'll put it in the commit message
(regardless of which patch I will finally push).

> > I remember because I added a few patches to it. Are packages returned
> > in the same order that their names are given?
> Hold up. This is absurd- you are dealing with a JSON dictionary, not a
> server-side sorting web service API. There is not and *should* not be
> any guarantee of order.

Ack. Each search result has a "Name" field which can be used to map the
result back to the query.

> > I remember this was a
> > problem with Tuxce's patch (which I patched). What about queries that
> > do not match any results? Will the array of results be smaller than
> > the number of queries? From reading the first patch in this thread, it
> > seems that if IDs and names are used as query args their order is lost
> > because they are split into separate arrays. When using WHERE IN do
> > the results match the order of query arguments? Because we are
> > returning a JSON array, order is important to associate results with
> > our query.
> Strongly disagree. Using the keys (package names) associated with each
> grouping of data is. Validate what you get back and stop trusting the
> server.
> 
> > I like using spaces better and don't see how they could have a
> > different meaning in msearch. It seems like spaces would have a
> > similar meaning when used in args to msearch (splits keywords for
> > msearch, names/ids for info). It's not really a big deal though... I
> > can live with the ugliness...
> So you're saying for two of the three, we should support spaces? Talk
> about a maintenance and API nightmare if this implementation ever
> changes again down the road... Your calling code either works as
> before, or you change it to pass arg[] keys instead of arg keys. I
> hate the syntax but it also doesn't make sense to resort to
> non-standard URI parsing just for the sake of it.

Yes, this is kinda ugly. I'm not really happy with either of the
implementations but Dan's approach still looks better to me so far.


Re: [aur-dev] [PATCH 4/4] rpc: allow multiple args on info query

2011-04-12 Thread Lukas Fleischer
On Tue, Apr 12, 2011 at 01:05:28PM +0200, Tuxce wrote:
> >From d7d06859ddc9425930e586a0685f09f9798dfddc Mon Sep 17 00:00:00 2001
> From: tuxce 
> Date: Tue, 12 Apr 2011 12:42:30 +0200
> Subject: [PATCH] rpc: unify methods return.
> 
> Include maintainer in info and search method.

You should mention FS#17597 here. Just add something like "(fixes
FS#17597)" to the commit message.

> ---
>  web/lib/aurjson.class.php |   20 
>  1 files changed, 8 insertions(+), 12 deletions(-)
> 
> diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
> index 57096d8..3283a92 100644
> --- a/web/lib/aurjson.class.php
> +++ b/web/lib/aurjson.class.php
> @@ -82,6 +82,11 @@ class AurJSON {
>  }
>  
>  private function process_query($type, $query) {
> +$fields = implode(',', self::$fields);
> +$query = "SELECT Users.Username as Maintainer, {$fields} " .
> +" FROM Packages LEFT JOIN Users " .
> +"on Packages.MaintainerUID = Users.ID " .

Please strip leading whitespaces and use upper case for "ON".

> +" WHERE ${query}";

We should probably think about renaming "$query" to something more
appropriate as we don't pass an entire MySQL query here anymore.

>  $result = db_query($query, $this->dbh);
>  
>  if ( $result && (mysql_num_rows($result) > 0) ) {
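
Review bot: process_query() now splices its `$query` argument straight into `" WHERE ${query}"`, so its safety rests entirely on every caller having escaped or validated each value in the fragment it passes. Say so in the function's comment block so future callers know the contract, and avoid overwriting the parameter with the full statement, which makes the fragment and the final SQL hard to tell apart when debugging.
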
> @@ -140,13 +145,10 @@ class AurJSON {
>  return $this->json_error('Query arg too small');
>  }
>  
> -$fields = implode(',', self::$fields);
>  $keyword_string = mysql_real_escape_string($keyword_string, 
> $this->dbh);
>  $keyword_string = addcslashes($keyword_string, '%_');
>  
> -$query = "SELECT {$fields} " .
> -" FROM Packages WHERE " .
> -"  ( Name LIKE '%{$keyword_string}%' OR " .
> +$query = "  ( Name LIKE '%{$keyword_string}%' OR " .
>  "Description LIKE '%{$keyword_string}%' )";
>  
>  return $this->process_query('search', $query);
> @@ -158,7 +160,6 @@ class AurJSON {
>   * @return mixed Returns an array of value data containing the package 
> data
>   **/
>  private function info($pqdata) {
> -$fields = implode(',', self::$fields);
>  $args = $this->parse_info_args($pqdata);
>  $ids = $args['ids'];
>  $names = $args['names'];
> @@ -167,8 +168,7 @@ class AurJSON {
>  return $this->json_error('Invalid query arguments');
>  }
>  
> -$query = "SELECT {$fields} " .
> -" FROM Packages WHERE ";
> +$query = "";
>  if ($ids) {
>  $ids_value = implode(',', $args['ids']);
>  $query .= "ID IN ({$ids_value})";
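
Review bot: the unqualified `ID` in `$query .= "ID IN ({$ids_value})"` is now evaluated against the Packages LEFT JOIN Users statement from process_query(), whose join condition itself references Users.ID, so both tables expose an ID column and MySQL will reject the reference as ambiguous. Write Packages.ID here, and check the names in self::$fields (not shown in this patch) for the same problem, since they end up in the select list of the same joined query.
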
> @@ -191,13 +191,9 @@ class AurJSON {
>   * @return mixed Returns an array of value data containing the package 
> data
>   **/
>  private function msearch($maintainer) {
> -$fields = implode(',', self::$fields);
>  $maintainer = mysql_real_escape_string($maintainer, $this->dbh);
>  
> -$query = "SELECT Users.Username as Maintainer, {$fields} " .
> -" FROM Packages, Users WHERE " .
> -"   Packages.MaintainerUID = Users.ID AND " .
> -"   Users.Username = '{$maintainer}'";
> +$query = "   Users.Username = '{$maintainer}'";
>  
>  return $this->process_query('msearch', $query);
>  }
> -- 
> 1.7.4.4
> 

Apart from that, this one looks okay to me :)


Re: [aur-dev] [PATCH] Fix performance issues with new PackageDepends lookups

2011-04-12 Thread Lukas Fleischer
On Tue, Apr 12, 2011 at 09:10:13AM -0500, Dan McGee wrote:
> On Tue, Apr 12, 2011 at 4:36 AM, Lukas Fleischer
>  wrote:
> > On Tue, Apr 12, 2011 at 11:23:38AM +0200, Lukas Fleischer wrote:
> >> On Mon, Apr 11, 2011 at 08:03:43PM -0500, Dan McGee wrote:
> >> > We do a lookup by DepName in the package details view, but I made the
> >> > silly mistake of forgetting this index addition in the upgrade steps.
> >> >
> >> > Signed-off-by: Dan McGee 
> >> > ---
> >> >
> >> > Lukas- said missing index was the cause of the increased CPU usage/load 
> >> > on
> >> > sigurd, it appears. I already created this index in production as I was 
> >> > the one
> >> > who forgot it in my last set of patches, whoops!
> >>
> >> How serious is this? I didn't check server load recently. If this one
> >> really stresses the server, we should probably put this into another
> >> maintenance release instead of 1.9.0 (although I'm not sure if anyone
> >> will care).
> >
> > Just had a look at the Munin stats for sigurd. Looks like the missing
> > index makes CPU usage go up by an average of 30% which is quite much...
> 
> I wouldn't worry about it unless you really want to spend time
> preparing a release- if you know one site running the AUR code that is
> at even 10% of the capacity of the main site, I'd be surprised. And
> they should be following this list anyway, and could apply the index
> at any time. :)

Yeah. I also noticed that this wouldn't be easy without releasing new
features (e.g. the gettext stuff that I pushed before) at the same time.
We'd have to create a new maintenance branch and cherry-pick or rebase
what is in master right now. On the other hand, having separate master
and maintenance branches might be a good thing anyway...

