May 2011 - Aur-dev - lists.archlinux.org

[aur-dev] [PATCH 1/1] Make cache type selectable based on config value
by elij 22 Jun '11

22 Jun '11

Provie a mechanism to specify cache type from NONE, APC, or MEMCACHE based on a config variable. If MEMCACHE type is selected, a list of servers can be specified to provide multiserver support. Note that php-memcaced is required for MEMCACHE support. --- web/lib/aur.inc.php | 49 +----------------------- web/lib/cachefuncs.inc.php | 85 ++++++++++++++++++++++++++++++++++++++++++ web/lib/config.inc.php.proto | 10 +++++ 3 files changed, 96 insertions(+), 48 deletions(-) create mode 100644 web/lib/cachefuncs.inc.php diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 7cf43e6..e65677d 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -13,12 +13,7 @@ set_lang(); include_once("config.inc.php"); include_once("version.inc.php"); include_once("acctfuncs.inc.php"); - -# Check if APC extension is loaded, and set cache prefix if it is -if (!defined('EXTENSION_LOADED_APC')) { - define('EXTENSION_LOADED_APC', extension_loaded('apc')); - define('APC_PREFIX', 'aur:'); -} +include_once("cachefuncs.inc.php"); # see if the visitor is already logged in # @@ -263,48 +258,6 @@ function db_query($query="", $db_handle="") { return $result; } -# set a value in the cache (currently apc) if cache -# is available for use. if not available, this becomes -# effectively a no-op (return value is false) -# accepts an optional TTL (defaults to 600 seconds) -function set_cache_value($key, $value, $ttl=600) { - $status = false; - if (EXTENSION_LOADED_APC) { - $status = apc_store(APC_PREFIX.$key, $value, $ttl); - } - return $status; -} - -# get a value from the cache (currently apc) if cache -# is available for use. if not available, this -# returns false (optionally sets passed in variable $status -# to false, much like apc_fetch behaves). this allows -# for testing the fetch result appropriately even in the event -# that a 'false' value was the value in the cache. -function get_cache_value($key, &$status=false) { - if(EXTENSION_LOADED_APC) { - $ret = apc_fetch(APC_PREFIX.$key, $status); - if ($status) { - return $ret; - } - } - return $status; -} - -# run a simple db query, retrieving and/or caching the value if APC -# is available for use -# accepts an optioanal TTL value (defaults to 600 seconds) -function db_cache_value($dbq, $dbh, $key, $ttl=600) { - $status = false; - $value = get_cache_value($key, $status); - if (!$status) { - $result = db_query($dbq, $dbh); - $row = mysql_fetch_row($result); - $value = $row[0]; - set_cache_value($key, $value, $ttl); - } - return $value; -} # set up the visitor's language # diff --git a/web/lib/cachefuncs.inc.php b/web/lib/cachefuncs.inc.php new file mode 100644 index 0000000..8e32370 --- /dev/null +++ b/web/lib/cachefuncs.inc.php @@ -0,0 +1,85 @@ +<?php + +if (!defined('CACHE_TYPE')) { + define('CACHE_TYPE', 'NONE'); +} + +# Check if APC extension is loaded, and set cache prefix if it is +if (CACHE_TYPE == 'APC' && !defined('EXTENSION_LOADED_APC')) { + define('EXTENSION_LOADED_APC', extension_loaded('apc')); + define('CACHE_PREFIX', 'aur:'); +} + +# Check if memcache extension is loaded, and set cache prefix if it is +if (CACHE_TYPE == 'MEMCACHE' && !defined('EXTENSION_LOADED_MEMCACHE')) { + define('EXTENSION_LOADED_MEMCACHE', extension_loaded('memcached')); + define('CACHE_PREFIX', 'aur:'); + global $memcache; + $memcache = new Memcached(); + $mcs = defined('MEMCACHE_SERVERS') ? MEMCACHE_SERVERS : '127.0.0.1:11211'; + foreach (explode(',', $mcs) as $elem) { + $telem = trim($elem); + $mcserver = explode(':', $telem); + $memcache->addServer($mcserver[0], intval($mcserver[1])); + } +} + +# set a value in the cache (currently apc) if cache +# is available for use. if not available, this becomes +# effectively a no-op (return value is false) +# accepts an optional TTL (defaults to 600 seconds) +function set_cache_value($key, $value, $ttl=600) { + $status = false; + if (defined('EXTENSION_LOADED_APC')) { + $status = apc_store(CACHE_PREFIX.$key, $value, $ttl); + } + if (defined('EXTENSION_LOADED_MEMCACHE')) { + global $memcache; + $status = $memcache->set(CACHE_PREFIX.$key, $value, $ttl); + } + return $status; +} + +# get a value from the cache (currently apc) if cache +# is available for use. if not available, this +# returns false (optionally sets passed in variable $status +# to false, much like apc_fetch behaves). this allows +# for testing the fetch result appropriately even in the event +# that a 'false' value was the value in the cache. +function get_cache_value($key, &$status=false) { + if(defined('EXTENSION_LOADED_APC')) { + $ret = apc_fetch(CACHE_PREFIX.$key, $status); + if ($status) { + return $ret; + } + } + if (defined('EXTENSION_LOADED_MEMCACHE')) { + global $memcache; + $ret = $memcache->get(CACHE_PREFIX.$key); + if (!$ret) { + $status = false; + } + else { + $status = true; + } + return $ret; + } + return $status; +} + +# run a simple db query, retrieving and/or caching the value if APC +# is available for use +# accepts an optioanal TTL value (defaults to 600 seconds) +function db_cache_value($dbq, $dbh, $key, $ttl=600) { + $status = false; + $value = get_cache_value($key, $status); + if (!$status) { + $result = db_query($dbq, $dbh); + $row = mysql_fetch_row($result); + $value = $row[0]; + set_cache_value($key, $value, $ttl); + } + return $value; +} + +?> diff --git a/web/lib/config.inc.php.proto b/web/lib/config.inc.php.proto index 43c64d2..5351a4a 100644 --- a/web/lib/config.inc.php.proto +++ b/web/lib/config.inc.php.proto @@ -24,6 +24,16 @@ define("DEFAULT_LANG", "en"); # development. Should not be enabled in production. Default to 0 (off). define("SQL_DEBUG", 0); +# set cache type. Either "APC", "MEMCACHE", or "NONE" +# defaults to NONE +# +#define("CACHE_TYPE", "APC"); +#define("CACHE_TYPE", "MEMCACHE"); +# if using memcache cache_type, list servers. you can separate multiple +# servers with a comma, ex: '127.0.0.1:11211,127.0.0.1:11212' +# if undefined, defaults to '127.0.0.1:11211' +#define("MEMCACHE_SERVERS", '127.0.0.1:11211'); + # Languages we have translations for $SUPPORTED_LANGS = array( "ca" => "Català", -- 1.7.2.5

2 4

[aur-dev] [PATCH 1/1] rename *.inc files to *.inc.php and adjust imports and references
by elij 21 Jun '11

21 Jun '11

--- .gitignore | 1 + TRANSLATING | 2 +- web/README | 4 ++-- web/html/account.php | 4 ++-- web/html/addvote.php | 2 +- web/html/index.php | 4 ++-- web/html/logout.php | 4 ++-- web/html/packages.php | 8 ++++---- web/html/passreset.php | 2 +- web/html/pkgsubmit.php | 6 +++--- web/html/rss.php | 2 +- web/html/tu.php | 2 +- web/html/voters.php | 4 ++-- web/lib/{acctfuncs.inc => acctfuncs.inc.php} | 0 web/lib/{aur.inc => aur.inc.php} | 8 ++++---- web/lib/aurjson.class.php | 2 +- web/lib/{config.inc.proto => config.inc.php.proto} | 0 web/lib/{pkgfuncs.inc => pkgfuncs.inc.php} | 2 +- web/lib/{stats.inc => stats.inc.php} | 2 +- web/lib/{translator.inc => translator.inc.php} | 2 +- web/lib/{version.inc => version.inc.php} | 0 web/template/pkg_search_form.php | 2 +- web/template/template.phps | 4 ++-- 23 files changed, 34 insertions(+), 33 deletions(-) rename web/lib/{acctfuncs.inc => acctfuncs.inc.php} (100%) rename web/lib/{aur.inc => aur.inc.php} (99%) rename web/lib/{config.inc.proto => config.inc.php.proto} (100%) rename web/lib/{pkgfuncs.inc => pkgfuncs.inc.php} (99%) rename web/lib/{stats.inc => stats.inc.php} (98%) rename web/lib/{translator.inc => translator.inc.php} (97%) rename web/lib/{version.inc => version.inc.php} (100%) diff --git a/.gitignore b/.gitignore index b1fb977..11e9b7e 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ robots.txt *.swp web/lib/config.inc +web/lib/config.inc.php *.DS_Store web/html/xml/*.xml dummy-data.sql* diff --git a/TRANSLATING b/TRANSLATING index 56b3383..d8f1bd4 100644 --- a/TRANSLATING +++ b/TRANSLATING @@ -38,7 +38,7 @@ $ msginit -l <locale> -o <locale>.po -i aur.pot $ poedit <locale>.po 5. If you have a working AUR setup, add a line for the new translation in - "web/lib/config.inc.proto" and test if everything looks right. + "web/lib/config.inc.php.proto" and test if everything looks right. 6. Upload the newly created ".po" file to Transifex. If you don't like the web interface, you can also use transifex-client to do that (see below). diff --git a/web/README b/web/README index 9bd3ecb..b8d1b72 100644 --- a/web/README +++ b/web/README @@ -97,9 +97,9 @@ Setup on Arch Linux: can insert garbage addresses with: mysql> UPDATE Users SET Email = RAND() * RAND(); -7) Copy the config.inc.proto file to config.inc. Modify as needed. +7) Copy the config.inc.php.proto file to config.inc.php. Modify as needed. # cd ~/aur/web/lib/ - # cp config.inc.proto config.inc + # cp config.inc.php.proto config.inc.php 8) Point your browser to http://aur diff --git a/web/html/account.php b/web/html/account.php index afb0d7c..ca05d1a 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -2,8 +2,8 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include_once('aur.inc'); # access AUR common functions -include_once('acctfuncs.inc'); # access Account specific functions +include_once('aur.inc.php'); # access AUR common functions +include_once('acctfuncs.inc.php'); # access Account specific functions set_lang(); # this sets up the visitor's language check_sid(); # see if they're still logged in diff --git a/web/html/addvote.php b/web/html/addvote.php index a459610..fe3037d 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php @@ -2,7 +2,7 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include_once("aur.inc"); +include_once("aur.inc.php"); set_lang(); check_sid(); html_header(); diff --git a/web/html/index.php b/web/html/index.php index 33c39eb..ffc5f00 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -2,11 +2,11 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include_once("aur.inc"); +include_once("aur.inc.php"); set_lang(); check_sid(); -include_once('stats.inc'); +include_once('stats.inc.php'); html_header( __("Home") ); diff --git a/web/html/logout.php b/web/html/logout.php index 95cf460..dee6456 100644 --- a/web/html/logout.php +++ b/web/html/logout.php @@ -2,8 +2,8 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include_once("aur.inc"); # access AUR common functions -include_once("acctfuncs.inc"); # access AUR common functions +include_once("aur.inc.php"); # access AUR common functions +include_once("acctfuncs.inc.php"); # access AUR common functions # if they've got a cookie, log them out - need to do this before diff --git a/web/html/packages.php b/web/html/packages.php index abc6637..4a1fa88 100644 --- a/web/html/packages.php +++ b/web/html/packages.php @@ -2,10 +2,10 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include_once("aur.inc"); # access AUR common functions -set_lang(); # this sets up the visitor's language -include_once('pkgfuncs.inc'); # package specific functions -check_sid(); # see if they're still logged in +include_once("aur.inc.php"); # access AUR common functions +set_lang(); # this sets up the visitor's language +include_once('pkgfuncs.inc.php'); # package specific functions +check_sid(); # see if they're still logged in # Set the title to the current query if required if (isset($_GET['ID']) && ($pkgname = pkgname_from_id($_GET['ID']))) { diff --git a/web/html/passreset.php b/web/html/passreset.php index 0ce6f7d..ed5d4d3 100644 --- a/web/html/passreset.php +++ b/web/html/passreset.php @@ -2,7 +2,7 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include_once("aur.inc"); # access AUR common functions +include_once("aur.inc.php"); # access AUR common functions set_lang(); # this sets up the visitor's language check_sid(); # see if they're still logged in diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 26608ea..b5fe3b7 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -1,12 +1,12 @@ <?php set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include_once("config.inc"); +include_once("config.inc.php"); require_once('Archive/Tar.php'); -include_once("aur.inc"); # access AUR common functions -include_once("pkgfuncs.inc"); # package functions +include_once("aur.inc.php"); # access AUR common functions +include_once("pkgfuncs.inc.php"); # package functions set_lang(); # this sets up the visitor's language check_sid(); # see if they're still logged in diff --git a/web/html/rss.php b/web/html/rss.php index 1f808b6..c7de4c6 100644 --- a/web/html/rss.php +++ b/web/html/rss.php @@ -1,7 +1,7 @@ <?php set_include_path(get_include_path() . PATH_SEPARATOR . '../lib' . PATH_SEPARATOR . '../lang'); -include_once("aur.inc"); +include_once("aur.inc.php"); include_once("feedcreator.class.php"); #detect prefix diff --git a/web/html/tu.php b/web/html/tu.php index 6ab8ae9..6e202c8 100644 --- a/web/html/tu.php +++ b/web/html/tu.php @@ -2,7 +2,7 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include_once("aur.inc"); +include_once("aur.inc.php"); set_lang(); check_sid(); html_header(); diff --git a/web/html/voters.php b/web/html/voters.php index 6a16818..aa2aa50 100644 --- a/web/html/voters.php +++ b/web/html/voters.php @@ -1,7 +1,7 @@ <?php set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include('aur.inc'); -include('pkgfuncs.inc'); +include('aur.inc.php'); +include('pkgfuncs.inc.php'); function getvotes($pkgid) { $dbh = db_connect(); diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc.php similarity index 100% rename from web/lib/acctfuncs.inc rename to web/lib/acctfuncs.inc.php diff --git a/web/lib/aur.inc b/web/lib/aur.inc.php similarity index 99% rename from web/lib/aur.inc rename to web/lib/aur.inc.php index c31c3e9..7cf43e6 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc.php @@ -7,12 +7,12 @@ header('Pragma: no-cache'); date_default_timezone_set('UTC'); -include_once('translator.inc'); +include_once('translator.inc.php'); set_lang(); -include_once("config.inc"); -include_once("version.inc"); -include_once("acctfuncs.inc"); +include_once("config.inc.php"); +include_once("version.inc.php"); +include_once("acctfuncs.inc.php"); # Check if APC extension is loaded, and set cache prefix if it is if (!defined('EXTENSION_LOADED_APC')) { diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 0f8e2fa..5d15b89 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -4,7 +4,7 @@ * * This file contains the AurRPC remote handling class **/ -include_once("aur.inc"); +include_once("aur.inc.php"); /** * This class defines a remote interface for fetching data diff --git a/web/lib/config.inc.proto b/web/lib/config.inc.php.proto similarity index 100% rename from web/lib/config.inc.proto rename to web/lib/config.inc.php.proto diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc.php similarity index 99% rename from web/lib/pkgfuncs.inc rename to web/lib/pkgfuncs.inc.php index 2024aeb..7d46541 100644 --- a/web/lib/pkgfuncs.inc +++ b/web/lib/pkgfuncs.inc.php @@ -1,5 +1,5 @@ <?php -include_once("config.inc"); +include_once("config.inc.php"); # Make sure this visitor can delete the requested package comment # They can delete if they were the comment submitter, or if they are a TU/Dev diff --git a/web/lib/stats.inc b/web/lib/stats.inc.php similarity index 98% rename from web/lib/stats.inc rename to web/lib/stats.inc.php index 67fbdca..2690a5c 100644 --- a/web/lib/stats.inc +++ b/web/lib/stats.inc.php @@ -1,6 +1,6 @@ <?php -include_once('aur.inc'); +include_once('aur.inc.php'); function updates_table($dbh) { diff --git a/web/lib/translator.inc b/web/lib/translator.inc.php similarity index 97% rename from web/lib/translator.inc rename to web/lib/translator.inc.php index 903b061..44c87bd 100644 --- a/web/lib/translator.inc +++ b/web/lib/translator.inc.php @@ -12,7 +12,7 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib' . PATH_SEPARATOR # print __("%s has %s apples.", "Bill", "5"); # print __("This is a %hmajor%h problem!", "", ""); -include_once('config.inc'); +include_once('config.inc.php'); include_once('gettext.php'); include_once('streams.php'); diff --git a/web/lib/version.inc b/web/lib/version.inc.php similarity index 100% rename from web/lib/version.inc rename to web/lib/version.inc.php diff --git a/web/template/pkg_search_form.php b/web/template/pkg_search_form.php index 281cdc3..53d34fe 100644 --- a/web/template/pkg_search_form.php +++ b/web/template/pkg_search_form.php @@ -1,4 +1,4 @@ -<?php include_once('pkgfuncs.inc') ?> +<?php include_once('pkgfuncs.inc.php') ?> <div class='pgbox'> <form action='packages.php' method='get'> diff --git a/web/template/template.phps b/web/template/template.phps index 591a03c..841277b 100644 --- a/web/template/template.phps +++ b/web/template/template.phps @@ -4,14 +4,14 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include("aur.inc"); # access AUR common functions +include("aur.inc.php"); # access AUR common functions set_lang(); # this sets up the visitor's language check_sid(); # see if they're still logged in html_header(); # print out the HTML header # Any text you print out to the visitor, use the __() function -# for i18n support. See web/lib/translator.inc for more info. +# for i18n support. See web/lib/translator.inc.php for more info. # print __("Hi, this is worth reading!")." \n"; -- 1.7.2.5

2 3

[aur-dev] refactor apc cache code (centralize and genericize)
by elij 01 Jun '11

01 Jun '11

The first patch is a slight refactor and move of the apc cache code, out of stats.inc into aur.inc. This is to make it available for other code to utilize if desired. I made it a bit more generic, so other referncing code does not have to supply a cache prefix. It will apply a prefix on behalf of the calling cache_set code, and utilize the prefix on cache_get code. The second patch changes rss.php to use the apc cache, instead of a file based cache.

2 7

[aur-dev] [PATCH 1/1] fix two issues (php notice level) with html/rss.php
by elij 28 May '11

28 May '11

- Undefined index: HTTPS in rss.php on line 8 - Undefined property: RSSCreator20::$cssStyleSheet in feedcreator.class.php on line 591 --- web/html/rss.php | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/web/html/rss.php b/web/html/rss.php index 0547815..d0a202b 100644 --- a/web/html/rss.php +++ b/web/html/rss.php @@ -5,10 +5,12 @@ include_once("aur.inc"); include_once("feedcreator.class.php"); #detect prefix -$protocol = $_SERVER["HTTPS"]=='on' ? "https" : "http"; +$protocol = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"]=='on' ? "https" : "http"; $host = $_SERVER['HTTP_HOST']; $rss = new RSSCreator20(); +$rss->cssStyleSheet = false; +$rss->xslStyleSheet = false; # Use UTF-8 (fixes FS#10706). $rss->encoding = "UTF-8"; -- 1.7.2.5

1 0

[aur-dev] [PATCH 1/1] restructure the html/rpc.php endpoint
by elij 28 May '11

28 May '11

- move request_method test to the top, and catch other request types (HEAD, PUT, etc) - change how html output is handled. instead of building a string, just output the html - set appropriate response header for incorrect request_method. --- web/html/rpc.php | 60 ++++++++++++++++++++++++++++------------------------- 1 files changed, 32 insertions(+), 28 deletions(-) diff --git a/web/html/rpc.php b/web/html/rpc.php index 1a9ca34..27439db 100644 --- a/web/html/rpc.php +++ b/web/html/rpc.php @@ -1,36 +1,40 @@ <?php - set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); - include_once("aurjson.class.php"); -if ( $_SERVER['REQUEST_METHOD'] == 'GET' ) { - if ( isset($_GET['type']) ) { - $rpc_o = new AurJSON(); - echo $rpc_o->handle($_GET); - } - else { - // dump a simple usage output for people to use. - // this could be moved to an api doc in the future, or generated from - // the AurJSON class directly with phpdoc. For now though, just putting it here. - echo '<html><body>'; - echo 'The methods currently allowed are: '; - echo '<ul>'; - echo '<li>search</li>'; - echo '<li>info</li>'; - echo '<li>multiinfo</li>'; - echo '<li>msearch</li>'; - echo '</ul> '; - echo 'Each method requires the following HTTP GET syntax: '; - echo '   type=methodname&arg=data '; - echo 'Where methodname is the name of an allowed method, and data is the argument to the call. '; - echo ' '; - echo 'If you need jsonp type callback specification, you can provide an additional variable callback. '; - echo 'Example URL:    http://aur-url/rpc.php?type=search&arg=foobar&callback=jsonp1192244621103'; - echo '</body></html>'; - } +if ( $_SERVER['REQUEST_METHOD'] != 'GET' ) { + header('HTTP/1.1 405 Method Not Allowed'); +} + +if ( isset($_GET['type']) ) { + $rpc_o = new AurJSON(); + echo $rpc_o->handle($_GET); } else { - echo 'POST NOT SUPPORTED'; + // dump a simple usage output for people to use. + // this could be moved to an api doc in the future, or generated from + // the AurJSON class directly with phpdoc. For now though, just putting it + // here. +?> +<html><body> +The methods currently allowed are: +<ul> + <li>search</li> + <li>info</li> + <li>multiinfo</li> + <li>msearch</li> +</ul> +Each method requires the following HTTP GET syntax: +   type=methodname&arg=data + +Where methodname is the name of an allowed method, and data is the argument to the call. + +If you need jsonp type callback specification, you can provide an additional variable callback. + +Example URL: +    http://aur-url/rpc.php?type=search&arg=foobar&callback=jsonp1192244621103 +</body></html> +<?php +// close if statement } ?> -- 1.7.2.5

1 1

[aur-dev] [PATCH 1/1] wrap mysql_real_escape_string in a function
by elij 17 May '11

17 May '11

wrap mysql_real_escape_string in a wrapper function db_escape_string to ease porting to other databases, and as another step to pulling more of the database code into a central location. --- web/html/account.php | 2 +- web/html/addvote.php | 10 +++++----- web/html/logout.php | 2 +- web/html/passreset.php | 4 ++-- web/html/pkgsubmit.php | 36 ++++++++++++++++++------------------ web/html/voters.php | 2 +- web/lib/acctfuncs.inc | 26 +++++++++++++------------- web/lib/aur.inc | 7 +++++++ web/lib/aurjson.class.php | 8 ++++---- web/lib/pkgfuncs.inc | 12 ++++++------ web/lib/stats.inc | 2 +- web/template/pkg_comment_form.php | 2 +- 12 files changed, 60 insertions(+), 53 deletions(-) diff --git a/web/html/account.php b/web/html/account.php index afb0d7c..b66d453 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -111,7 +111,7 @@ if (isset($_COOKIE["AURSID"])) { $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; $q.= "AND Users.ID = Sessions.UsersID "; $q.= "AND Sessions.SessionID = '"; - $q.= mysql_real_escape_string($_COOKIE["AURSID"])."'"; + $q.= db_escape_string($_COOKIE["AURSID"])."'"; $result = db_query($q, $dbh); if (!mysql_num_rows($result)) { print __("Could not retrieve information for the specified user."); diff --git a/web/html/addvote.php b/web/html/addvote.php index 5936d56..e0d8b55 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php @@ -20,13 +20,13 @@ if ($atype == "Trusted User" OR $atype == "Developer") { $error = ""; if (!empty($_POST['user'])) { - $qcheck = "SELECT * FROM Users WHERE Username = '" . mysql_real_escape_string($_POST['user']) . "'"; + $qcheck = "SELECT * FROM Users WHERE Username = '" . db_escape_string($_POST['user']) . "'"; $check = mysql_num_rows(db_query($qcheck, $dbh)); if ($check == 0) { $error.= __("Username does not exist."); } else { - $qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . mysql_real_escape_string($_POST['user']) . "'"; + $qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . db_escape_string($_POST['user']) . "'"; $qcheck.= " AND End > UNIX_TIMESTAMP()"; $check = mysql_num_rows(db_query($qcheck, $dbh)); @@ -55,9 +55,9 @@ if ($atype == "Trusted User" OR $atype == "Developer") { if (!empty($_POST['addVote']) && empty($error)) { $q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES "; - $q.= "('" . mysql_real_escape_string($_POST['agenda']) . "', "; - $q.= "'" . mysql_real_escape_string($_POST['user']) . "', "; - $q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . mysql_real_escape_string($len); + $q.= "('" . db_escape_string($_POST['agenda']) . "', "; + $q.= "'" . db_escape_string($_POST['user']) . "', "; + $q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . db_escape_string($len); $q.= ", " . uid_from_sid($_COOKIE["AURSID"]) . ")"; db_query($q, $dbh); diff --git a/web/html/logout.php b/web/html/logout.php index 95cf460..f071fc3 100644 --- a/web/html/logout.php +++ b/web/html/logout.php @@ -12,7 +12,7 @@ include_once("acctfuncs.inc"); # access AUR common functions if (isset($_COOKIE["AURSID"])) { $dbh = db_connect(); $q = "DELETE FROM Sessions WHERE SessionID = '"; - $q.= mysql_real_escape_string($_COOKIE["AURSID"]) . "'"; + $q.= db_escape_string($_COOKIE["AURSID"]) . "'"; db_query($q, $dbh); # setting expiration to 1 means '1 second after midnight January 1, 1970' setcookie("AURSID", "", 1, "/"); diff --git a/web/html/passreset.php b/web/html/passreset.php index 0ce6f7d..10f4813 100644 --- a/web/html/passreset.php +++ b/web/html/passreset.php @@ -40,8 +40,8 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir Salt = '$salt', ResetKey = '' WHERE ResetKey != '' - AND ResetKey = '".mysql_real_escape_string($resetkey)."' - AND Email = '".mysql_real_escape_string($email)."'"; + AND ResetKey = '".db_escape_string($resetkey)."' + AND Email = '".db_escape_string($email)."'"; $result = db_query($q, $dbh); if (!mysql_affected_rows($dbh)) { $error = __('Invalid e-mail and reset key combination.'); diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 26608ea..04f002b 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -299,7 +299,7 @@ if ($uid): $dbh = db_connect(); - $q = "SELECT * FROM Packages WHERE Name = '" . mysql_real_escape_string($new_pkgbuild['pkgname']) . "'"; + $q = "SELECT * FROM Packages WHERE Name = '" . db_escape_string($new_pkgbuild['pkgname']) . "'"; $result = db_query($q, $dbh); $pdata = mysql_fetch_assoc($result); @@ -318,7 +318,7 @@ if ($uid): # If a new category was chosen, change it to that if ($_POST['category'] > 1) { $q = sprintf( "UPDATE Packages SET CategoryID = %d WHERE ID = %d", - mysql_real_escape_string($_REQUEST['category']), + db_escape_string($_REQUEST['category']), $packageID); db_query($q, $dbh); @@ -326,12 +326,12 @@ if ($uid): # Update package data $q = sprintf("UPDATE Packages SET ModifiedTS = UNIX_TIMESTAMP(), Name = '%s', Version = '%s-%s', License = '%s', Description = '%s', URL = '%s', OutOfDateTS = NULL, MaintainerUID = %d WHERE ID = %d", - mysql_real_escape_string($new_pkgbuild['pkgname']), - mysql_real_escape_string($new_pkgbuild['pkgver']), - mysql_real_escape_string($new_pkgbuild['pkgrel']), - mysql_real_escape_string($new_pkgbuild['license']), - mysql_real_escape_string($new_pkgbuild['pkgdesc']), - mysql_real_escape_string($new_pkgbuild['url']), + db_escape_string($new_pkgbuild['pkgname']), + db_escape_string($new_pkgbuild['pkgver']), + db_escape_string($new_pkgbuild['pkgrel']), + db_escape_string($new_pkgbuild['license']), + db_escape_string($new_pkgbuild['pkgdesc']), + db_escape_string($new_pkgbuild['url']), $uid, $packageID); @@ -340,13 +340,13 @@ if ($uid): } else { # This is a brand new package $q = sprintf("INSERT INTO Packages (Name, License, Version, CategoryID, Description, URL, SubmittedTS, ModifiedTS, SubmitterUID, MaintainerUID) VALUES ('%s', '%s', '%s-%s', %d, '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), %d, %d)", - mysql_real_escape_string($new_pkgbuild['pkgname']), - mysql_real_escape_string($new_pkgbuild['license']), - mysql_real_escape_string($new_pkgbuild['pkgver']), - mysql_real_escape_string($new_pkgbuild['pkgrel']), - mysql_real_escape_string($_REQUEST['category']), - mysql_real_escape_string($new_pkgbuild['pkgdesc']), - mysql_real_escape_string($new_pkgbuild['url']), + db_escape_string($new_pkgbuild['pkgname']), + db_escape_string($new_pkgbuild['license']), + db_escape_string($new_pkgbuild['pkgver']), + db_escape_string($new_pkgbuild['pkgrel']), + db_escape_string($_REQUEST['category']), + db_escape_string($new_pkgbuild['pkgdesc']), + db_escape_string($new_pkgbuild['url']), $uid, $uid); @@ -367,8 +367,8 @@ if ($uid): $q = sprintf("INSERT INTO PackageDepends (PackageID, DepName, DepCondition) VALUES (%d, '%s', '%s')", $packageID, - mysql_real_escape_string($deppkgname), - mysql_real_escape_string($depcondition)); + db_escape_string($deppkgname), + db_escape_string($depcondition)); db_query($q, $dbh); } @@ -378,7 +378,7 @@ if ($uid): foreach ($sources as $src) { if ($src != "" ) { $q = "INSERT INTO PackageSources (PackageID, Source) VALUES ("; - $q .= $packageID . ", '" . mysql_real_escape_string($src) . "')"; + $q .= $packageID . ", '" . db_escape_string($src) . "')"; db_query($q, $dbh); } } diff --git a/web/html/voters.php b/web/html/voters.php index 6a16818..d27105f 100644 --- a/web/html/voters.php +++ b/web/html/voters.php @@ -5,7 +5,7 @@ include('pkgfuncs.inc'); function getvotes($pkgid) { $dbh = db_connect(); - $pkgid = mysql_real_escape_string($pkgid); + $pkgid = db_escape_string($pkgid); $result = db_query("SELECT UsersID,Username FROM PackageVotes LEFT JOIN Users on (UsersID = ID) WHERE PackageID = $pkgid ORDER BY Username", $dbh); return $result; diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc index 8ffa2f7..63d0926 100644 --- a/web/lib/acctfuncs.inc +++ b/web/lib/acctfuncs.inc @@ -225,7 +225,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # NOTE: a race condition exists here if we care... # $q = "SELECT COUNT(*) AS CNT FROM Users "; - $q.= "WHERE Username = '".mysql_real_escape_string($U)."'"; + $q.= "WHERE Username = '".db_escape_string($U)."'"; if ($TYPE == "edit") { $q.= " AND ID != ".intval($UID); } @@ -243,7 +243,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # NOTE: a race condition exists here if we care... # $q = "SELECT COUNT(*) AS CNT FROM Users "; - $q.= "WHERE Email = '".mysql_real_escape_string($E)."'"; + $q.= "WHERE Email = '".db_escape_string($E)."'"; if ($TYPE == "edit") { $q.= " AND ID != ".intval($UID); } @@ -265,7 +265,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # no errors, go ahead and create the unprivileged user $salt = generate_salt(); $P = salted_hash($P, $salt); - $escaped = array_map('mysql_real_escape_string', + $escaped = array_map('db_escape_string', array($U, $E, $P, $salt, $R, $L, $I)); $q = "INSERT INTO Users (" . "AccountTypeID, Suspended, Username, Email, Passwd, Salt" . @@ -289,7 +289,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # no errors, go ahead and modify the user account $q = "UPDATE Users SET "; - $q.= "Username = '".mysql_real_escape_string($U)."'"; + $q.= "Username = '".db_escape_string($U)."'"; if ($T) { $q.= ", AccountTypeID = ".intval($T); } @@ -298,15 +298,15 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", } else { $q.= ", Suspended = 0"; } - $q.= ", Email = '".mysql_real_escape_string($E)."'"; + $q.= ", Email = '".db_escape_string($E)."'"; if ($P) { $salt = generate_salt(); $hash = salted_hash($P, $salt); $q .= ", Passwd = '$hash', Salt = '$salt'"; } - $q.= ", RealName = '".mysql_real_escape_string($R)."'"; - $q.= ", LangPreference = '".mysql_real_escape_string($L)."'"; - $q.= ", IRCNick = '".mysql_real_escape_string($I)."'"; + $q.= ", RealName = '".db_escape_string($R)."'"; + $q.= ", LangPreference = '".db_escape_string($L)."'"; + $q.= ", IRCNick = '".db_escape_string($I)."'"; $q.= " WHERE ID = ".intval($UID); $result = db_query($q, $dbh); if (!$result) { @@ -372,19 +372,19 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", $search_vars[] = "S"; } if ($U) { - $q.= "AND Username LIKE '%".mysql_real_escape_string($U)."%' "; + $q.= "AND Username LIKE '%".db_escape_string($U)."%' "; $search_vars[] = "U"; } if ($E) { - $q.= "AND Email LIKE '%".mysql_real_escape_string($E)."%' "; + $q.= "AND Email LIKE '%".db_escape_string($E)."%' "; $search_vars[] = "E"; } if ($R) { - $q.= "AND RealName LIKE '%".mysql_real_escape_string($R)."%' "; + $q.= "AND RealName LIKE '%".db_escape_string($R)."%' "; $search_vars[] = "R"; } if ($I) { - $q.= "AND IRCNick LIKE '%".mysql_real_escape_string($I)."%' "; + $q.= "AND IRCNick LIKE '%".db_escape_string($I)."%' "; $search_vars[] = "I"; } switch ($SB) { @@ -716,7 +716,7 @@ function valid_user( $user ) if ( $user ) { $dbh = db_connect(); $q = "SELECT ID FROM Users WHERE Username = '" - . mysql_real_escape_string($user). "'"; + . db_escape_string($user). "'"; $result = mysql_fetch_row(db_query($q, $dbh)); diff --git a/web/lib/aur.inc b/web/lib/aur.inc index 5eed8e7..97f04e9 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc @@ -219,6 +219,13 @@ function db_connect() { return $handle; } +# escapes strings for SQL query usage +# wraps the database driver's provided method +# wrapped for convenience and porting +function db_escape_string($unesc) { + return mysql_real_escape_string($unesc); +} + # disconnect from the database # this won't normally be needed as PHP/reference counting will take care of # closing the connection once it is no longer referenced diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index a96cc4b..6a31737 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -165,7 +165,7 @@ class AurJSON { if (is_numeric($arg)) { $id_args[] = intval($arg); } else { - $escaped = mysql_real_escape_string($arg, $this->dbh); + $escaped = db_escape_string($arg, $this->dbh); $name_args[] = "'" . $escaped . "'"; } } @@ -183,7 +183,7 @@ class AurJSON { return $this->json_error('Query arg too small'); } - $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh); + $keyword_string = db_escape_string($keyword_string, $this->dbh); $keyword_string = addcslashes($keyword_string, '%_'); $where_condition = "( Name LIKE '%{$keyword_string}%' OR " . @@ -206,7 +206,7 @@ class AurJSON { } else { $where_condition = sprintf("Name=\"%s\"", - mysql_real_escape_string($pqdata, $this->dbh)); + db_escape_string($pqdata, $this->dbh)); } return $this->process_query('info', $where_condition); } @@ -248,7 +248,7 @@ class AurJSON { * @return mixed Returns an array of value data containing the package data **/ private function msearch($maintainer) { - $maintainer = mysql_real_escape_string($maintainer, $this->dbh); + $maintainer = db_escape_string($maintainer, $this->dbh); $where_condition = "Users.Username = '{$maintainer}'"; diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc index 7b43e45..9dbe384 100644 --- a/web/lib/pkgfuncs.inc +++ b/web/lib/pkgfuncs.inc @@ -94,7 +94,7 @@ function package_exists($name="") { if (!$name) {return NULL;} $dbh = db_connect(); $q = "SELECT ID FROM Packages "; - $q.= "WHERE Name = '".mysql_real_escape_string($name)."' "; + $q.= "WHERE Name = '".db_escape_string($name)."' "; $result = db_query($q, $dbh); if (!$result) {return NULL;} $row = mysql_fetch_row($result); @@ -127,7 +127,7 @@ function package_required($name="") { $dbh = db_connect(); $q = "SELECT p.Name, PackageID FROM PackageDepends pd "; $q.= "JOIN Packages p ON pd.PackageID = p.ID "; - $q.= "WHERE DepName = '".mysql_real_escape_string($name)."' "; + $q.= "WHERE DepName = '".db_escape_string($name)."' "; $q.= "ORDER BY p.Name"; $result = db_query($q, $dbh); if (!$result) {return array();} @@ -216,7 +216,7 @@ function pkgvotes_from_sid($sid="") { $q.= "FROM PackageVotes, Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "AND Users.ID = PackageVotes.UsersID "; - $q.= "AND Sessions.SessionID = '".mysql_real_escape_string($sid)."'"; + $q.= "AND Sessions.SessionID = '".db_escape_string($sid)."'"; $result = db_query($q, $dbh); if ($result) { while ($row = mysql_fetch_row($result)) { @@ -237,7 +237,7 @@ function pkgnotify_from_sid($sid="") { $q.= "FROM CommentNotify, Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "AND Users.ID = CommentNotify.UserID "; - $q.= "AND Sessions.SessionID = '".mysql_real_escape_string($sid)."'"; + $q.= "AND Sessions.SessionID = '".db_escape_string($sid)."'"; $result = db_query($q, $dbh); if ($result) { while ($row = mysql_fetch_row($result)) { @@ -267,7 +267,7 @@ function pkgname_from_id($pkgid=0) { # function pkgname_is_blacklisted($name) { $dbh = db_connect(); - $q = "SELECT COUNT(*) FROM PackageBlacklist WHERE Name = '" . mysql_real_escape_string($name) . "'"; + $q = "SELECT COUNT(*) FROM PackageBlacklist WHERE Name = '" . db_escape_string($name) . "'"; $result = db_query($q, $dbh); if (!$result) return false; @@ -432,7 +432,7 @@ function pkg_search_page($SID="") { } if (isset($_GET['K'])) { - $_GET['K'] = mysql_real_escape_string(trim($_GET['K'])); + $_GET['K'] = db_escape_string(trim($_GET['K'])); # Search by maintainer if (isset($_GET["SeB"]) && $_GET["SeB"] == "m") { diff --git a/web/lib/stats.inc b/web/lib/stats.inc index 756fa27..81404c7 100644 --- a/web/lib/stats.inc +++ b/web/lib/stats.inc @@ -53,7 +53,7 @@ function updates_table($dbh) function user_table($user, $dbh) { global $apc_prefix; - $escuser = mysql_real_escape_string($user); + $escuser = db_escape_string($user); $base_q = "SELECT count(*) FROM Packages,Users WHERE Packages.MaintainerUID = Users.ID AND Users.Username='" . $escuser . "'"; $maintainer_unsupported_count = db_cache_value($base_q, $dbh, diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php index e52c92d..d3b602c 100644 --- a/web/template/pkg_comment_form.php +++ b/web/template/pkg_comment_form.php @@ -7,7 +7,7 @@ if (isset($_REQUEST['comment'])) { $q = 'INSERT INTO PackageComments '; $q.= '(PackageID, UsersID, Comments, CommentTS) VALUES ('; $q.= intval($_REQUEST['ID']) . ', ' . uid_from_sid($_COOKIE['AURSID']) . ', '; - $q.= "'" . mysql_real_escape_string($_REQUEST['comment']) . "', "; + $q.= "'" . db_escape_string($_REQUEST['comment']) . "', "; $q.= 'UNIX_TIMESTAMP())'; db_query($q, $dbh); -- 1.7.2.5

2 2

[aur-dev] [PATCH 1/1] add support for etag and conditional get (if-none-match)
by elij 15 May '11

15 May '11

Add etag and if-none-match conditional get support. This will allow 'smart client' to save network bandwidth, as they can save the etag hash value for queries and test it later. Still an http request because this patch specifically sets a cache lifetime of zero, and must-revalidate. The benefit here is bandwidth savings. Caching based on expires headers would likely be counter productive, as the api data can change rather quickly...but etag is a nice compromise, and could be quite beneficial for bandwidth recution in some scenarios. --- web/lib/aurjson.class.php | 30 +++++++++++++++++++++++++++++- 1 files changed, 29 insertions(+), 1 deletions(-) diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 50cf6d0..a96cc4b 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -29,6 +29,17 @@ class AurJSON { * @return string The JSON formatted response data. **/ public function handle($http_data) { + // unset global aur headers from aur.inc + // leave expires header to enforce validation + // header_remove('Expires'); + // unset global aur.inc pragma header. We want to allow caching of data + // in proxies, but require validation of data (if-none-match) if + // possible + header_remove('Pragma'); + // overwrite cache-control header set in aur.inc to allow caching, but + // require validation + header('Cache-Control: public, must-revalidate, max-age=0'); + // handle error states if ( !isset($http_data['type']) || !isset($http_data['arg']) ) { return $this->json_error('No request type/data specified.'); @@ -43,6 +54,24 @@ class AurJSON { $json = call_user_func(array(&$this, $http_data['type']), $http_data['arg']); + // calculate etag as an md5 based on the json result + // this could be optimized by calculating the etag on the + // query result object before converting to json (step into + // the above function call) and adding the 'type' to the response, + // but having all this code here is cleaner and 'good enough' + $etag = md5($json); + header("Etag: \"$etag\""); + // make sure to strip a few things off the if-none-match + // header. stripping whitespace may not be required, but + // removing the quote on the incoming header is required + // to make the equality test + $if_none_match = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? + trim($_SERVER['HTTP_IF_NONE_MATCH'], "\t\n\r\" ") : false; + if ($if_none_match && $if_none_match == $etag) { + header('HTTP/1.1 304 Not Modified'); + return; + } + // allow rpc callback for XDomainAjax if ( isset($http_data['callback']) ) { // it is more correct to send text/javascript @@ -179,7 +208,6 @@ class AurJSON { $where_condition = sprintf("Name=\"%s\"", mysql_real_escape_string($pqdata, $this->dbh)); } - return $this->process_query('info', $where_condition); } -- 1.7.2.5

2 2

[aur-dev] [PATCH] add first submitted and last modified to rpc output
by kachelaqa 15 May '11

15 May '11

after reading the discussion about the submitter field, i looked again at my previous patch and realized that it was not very good at all. hopefully this simplified version will be more acceptable. the justification for this patch is that many third-party tools will want to know how new a package is, or when it last changed. adding the submitted and modified timestamps will allow users to get all the relevant package data in a single query. --- web/lib/aurjson.class.php | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 50cf6d0..cad722e 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -20,7 +20,8 @@ class AurJSON { private static $fields = array( 'Packages.ID', 'Name', 'Version', 'CategoryID', 'Description', 'URL', 'License', - 'NumVotes', '(OutOfDateTS IS NOT NULL) AS OutOfDate' + 'NumVotes', '(OutOfDateTS IS NOT NULL) AS OutOfDate', + 'SubmittedTS AS FirstSubmitted', 'ModifiedTS AS LastModified' ); /** -- 1.7.5.1

3 2

[aur-dev] Couple of patches
by elij 12 May '11

12 May '11

Here are a few patches. The first patch removes the 'submitter' field from the web-ui package results. The second patch fixes several instances where db_query's result was not tested before performing mysql queries upon it. This patch might be a tad messy due to some unfortunate 'vim retab!' foolery. A result of forgetting to set noexpandtab before editing and writing out some changes. Mostly just a silly reformatting of some document strings. If the rest of the patch is wanted, I can rebase and re-edit this particular patch if desired. The third patch fixes an odd case I ran into where a user didn't exist, but a query was being performed anyway -- and relying on the sql failure to handle the lack of account. The final patch was just fixing an inconsistency I ran across, where depending on the error state, either a zero or an empty string was returned. php evaluates both to false, so it doesn't _really_ matter, but consistency is nice. :)

3 18

[aur-dev] [PATCH] add subitter, first submitted and last modified to json output
by kachelaqa 10 May '11

10 May '11

this patch is a follow up to my earlier feature request (FS#24183). --- web/lib/aurjson.class.php | 11 +++++++---- 1 files changed, 7 insertions(+), 4 deletions(-) diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 50cf6d0..2269edc 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -19,7 +19,7 @@ class AurJSON { ); private static $fields = array( 'Packages.ID', 'Name', 'Version', 'CategoryID', - 'Description', 'URL', 'License', + 'Description', 'URL', 'License', 'SubmittedTS', 'ModifiedTS', 'NumVotes', '(OutOfDateTS IS NOT NULL) AS OutOfDate' ); @@ -85,9 +85,12 @@ class AurJSON { private function process_query($type, $where_condition) { $fields = implode(',', self::$fields); - $query = "SELECT Users.Username as Maintainer, {$fields} " . - "FROM Packages LEFT JOIN Users " . - "ON Packages.MaintainerUID = Users.ID " . + $query = "SELECT {$fields}, " . + "mUsers.Username AS Maintainer, " . + "sUsers.Username AS Submitter " . + "FROM Packages " . + "LEFT JOIN Users AS mUsers ON Packages.MaintainerUID = mUsers.ID " . + "LEFT JOIN Users AS sUsers ON Packages.SubmitterUID = sUsers.ID " . "WHERE ${where_condition}"; $result = db_query($query, $this->dbh); -- 1.7.5.1

2 6