March 2012 - Aur-dev - lists.archlinux.org

[aur-dev] [PATCH] Add field for PGP key in profile information
by Lukas Fleischer 24 Mar '12

24 Mar '12

This is handy for verifying the PGP key of new Trusted Users. Also, this could potentially used as a basis to allow signed package uploads in the future. Implements FS#29028. Signed-off-by: Lukas Fleischer <archlinux(a)cryptocrack.de> --- UPGRADING | 3 ++ support/schema/aur-schema.sql | 1 + web/html/account.php | 13 ++++---- web/lib/acctfuncs.inc.php | 67 ++++++++++++++++++++++++++++++++++++----- 4 files changed, 71 insertions(+), 13 deletions(-) diff --git a/UPGRADING b/UPGRADING index 6557b95..6f87944 100644 --- a/UPGRADING +++ b/UPGRADING @@ -6,7 +6,10 @@ From 1.9.1 to 2.0.0 1. Add new "Users" table login date column: +---- ALTER TABLE Users ADD COLUMN LastLogin BIGINT NOT NULL DEFAULT 0; +ALTER TABLE Users ADD COLUMN PGPKey CHAR(40) NULL DEFAULT NULL; +---- From 1.9.0 to 1.9.1 ------------------- diff --git a/support/schema/aur-schema.sql b/support/schema/aur-schema.sql index 6c8feca..ca7ddbe 100644 --- a/support/schema/aur-schema.sql +++ b/support/schema/aur-schema.sql @@ -31,6 +31,7 @@ CREATE TABLE Users ( RealName VARCHAR(64) NOT NULL DEFAULT '', LangPreference VARCHAR(5) NOT NULL DEFAULT 'en', IRCNick VARCHAR(32) NOT NULL DEFAULT '', + PGPKey CHAR(40) NULL DEFAULT NULL, LastVoted BIGINT UNSIGNED NOT NULL DEFAULT 0, LastLogin BIGINT UNSIGNED NOT NULL DEFAULT 0, PRIMARY KEY (ID), diff --git a/web/html/account.php b/web/html/account.php index d94d711..339316b 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -33,7 +33,8 @@ if (isset($_COOKIE["AURSID"])) { # search_results_page($atype, in_request("O"), in_request("SB"), in_request("U"), in_request("T"), in_request("S"), - in_request("E"), in_request("R"), in_request("I")); + in_request("E"), in_request("R"), in_request("I"), + in_request("K")); } else { # a non-privileged user is trying to access the search page @@ -64,7 +65,7 @@ if (isset($_COOKIE["AURSID"])) { display_account_form($atype, "UpdateAccount", $row["Username"], $row["AccountType"], $row["Suspended"], $row["Email"], "", "", $row["RealName"], $row["LangPreference"], - $row["IRCNick"], $row["ID"]); + $row["IRCNick"], $row["PGPKey"], $row["ID"]); } } @@ -82,7 +83,7 @@ if (isset($_COOKIE["AURSID"])) { $row = mysql_fetch_assoc($result); display_account_info($row["Username"], $row["AccountType"], $row["Email"], $row["RealName"], - $row["IRCNick"], $row["LastVoted"]); + $row["IRCNick"], $row["PGPKey"], $row["LastVoted"]); } } elseif ($action == "UpdateAccount") { @@ -92,7 +93,7 @@ if (isset($_COOKIE["AURSID"])) { in_request("U"), in_request("T"), in_request("S"), in_request("E"), in_request("P"), in_request("C"), in_request("R"), in_request("L"), in_request("I"), - in_request("ID")); + in_request("K"), in_request("ID")); } else { @@ -127,7 +128,7 @@ if (isset($_COOKIE["AURSID"])) { display_account_form($atype, "UpdateAccount", $row["Username"], $row["AccountType"], $row["Suspended"], $row["Email"], "", "", $row["RealName"], $row["LangPreference"], - $row["IRCNick"], $row["ID"]); + $row["IRCNick"], $row["PGPKey"], $row["ID"]); } } } @@ -143,7 +144,7 @@ if (isset($_COOKIE["AURSID"])) { process_account_form("","new", "NewAccount", in_request("U"), 1, 0, in_request("E"), in_request("P"), in_request("C"), in_request("R"), - in_request("L"), in_request("I")); + in_request("L"), in_request("I"), in_request("K")); } else { # display the account request form diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 512e66c..8246cc9 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -8,10 +8,28 @@ function in_request($name) { return ""; } +# Format PGP key fingerprint +function html_format_pgp_fingerprint($fingerprint) { + if (strlen($fingerprint) != 40 || !ctype_xdigit($fingerprint)) { + return $fingerprint; + } + + return htmlspecialchars(substr($fingerprint, 0, 4) . " " . + substr($fingerprint, 4, 4) . " " . + substr($fingerprint, 8, 4) . " " . + substr($fingerprint, 12, 4) . " " . + substr($fingerprint, 16, 4) . " " . + substr($fingerprint, 20, 4) . " " . + substr($fingerprint, 24, 4) . " " . + substr($fingerprint, 28, 4) . " " . + substr($fingerprint, 32, 4) . " " . + substr($fingerprint, 36, 4) . " ", ENT_QUOTES); +} + # Display the standard Account form, pass in default values if any function display_account_form($UTYPE,$A,$U="",$T="",$S="", - $E="",$P="",$C="",$R="",$L="",$I="",$UID=0) { + $E="",$P="",$C="",$R="",$L="",$I="",$K="",$UID=0) { # UTYPE: what user type the form is being displayed for # A: what "form" name to use # U: value to display for username @@ -113,6 +131,12 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="", print "</tr>\n"; print "<tr>"; + print "<td align='left'>".__("PGP Key Fingerprint").":</td>"; + print "<td align='left'><input type='text' size='30' maxlength='50'"; + print " name='K' value='".html_format_pgp_fingerprint($K)."' /></td>"; + print "</tr>\n"; + + print "<tr>"; print "<td align='left'>".__("Language").":</td>"; print "<td align='left'><select name=L>\n"; @@ -152,7 +176,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="", # process form input from a new/edit account form # function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", - $P="",$C="",$R="",$L="",$I="",$UID=0) { + $P="",$C="",$R="",$L="",$I="",$K="",$UID=0) { # UTYPE: The user's account type # TYPE: either "edit" or "new" # A: what parent "form" name to use @@ -215,6 +239,11 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", if (!$error && !valid_email($E)) { $error = __("The email address is invalid."); } + + if (!$error && $K != '' && !valid_pgp_fingerprint($K)) { + $error = __("The PGP key fingerprint is invalid."); + } + if ($UTYPE == "Trusted User" && $T == 3) { $error = __("A Trusted User cannot assign Developer status."); } @@ -260,17 +289,17 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", if ($error) { print "".$error." \n"; display_account_form($UTYPE, $A, $U, $T, $S, $E, "", "", - $R, $L, $I, $UID); + $R, $L, $I, $K, $UID); } else { if ($TYPE == "new") { # no errors, go ahead and create the unprivileged user $salt = generate_salt(); $P = salted_hash($P, $salt); $escaped = array_map('db_escape_string', - array($U, $E, $P, $salt, $R, $L, $I)); + array($U, $E, $P, $salt, $R, $L, $I, str_replace(" ", "", $K))); $q = "INSERT INTO Users (" . "AccountTypeID, Suspended, Username, Email, Passwd, Salt" . - ", RealName, LangPreference, IRCNick) " . + ", RealName, LangPreference, IRCNick, PGPKey) " . "VALUES (1, 0, '" . implode("', '", $escaped) . "')"; $result = db_query($q, $dbh); if (!$result) { @@ -308,6 +337,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", $q.= ", RealName = '".db_escape_string($R)."'"; $q.= ", LangPreference = '".db_escape_string($L)."'"; $q.= ", IRCNick = '".db_escape_string($I)."'"; + $q.= ", PGPKey = '".db_escape_string(str_replace(" ", "", $K))."'"; $q.= " WHERE ID = ".intval($UID); $result = db_query($q, $dbh); if (!$result) { @@ -333,7 +363,7 @@ function search_accounts_form() { # search results page # function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", - $S="",$E="",$R="",$I="") { + $S="",$E="",$R="",$I="",$K="") { # UTYPE: what account type the user belongs to # O: what row offset we're at # SB: how to sort the results @@ -388,6 +418,10 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", $q.= "AND IRCNick LIKE '%".db_escape_like($I)."%' "; $search_vars[] = "I"; } + if ($K) { + $q.= "AND PGPKey LIKE '%".db_escape_like(str_replace(" ", "", $K))."%' "; + $search_vars[] = "K"; + } switch ($SB) { case 't': $q.= "ORDER BY AccountTypeID, Username "; @@ -429,6 +463,8 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", print "<th class='header'>"; print "".__("IRC Nick")."</th>"; print "<th class='header'>"; + print "".__("PGP Key Fingerprint")."</th>"; + print "<th class='header'>"; print "".__("Last Voted")."</th>"; print "<th class='header'>"; print "".__("Edit Account")."</th>"; @@ -460,6 +496,9 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", $row["IRCNick"] ? print htmlspecialchars($row["IRCNick"],ENT_QUOTES) : print " "; print "</td>"; print "<td class='".$c."'>"; + $row["PGPKey"] ? print html_format_pgp_fingerprint($row["PGPKey"]) : print " "; + print "</td>"; + print "<td class='".$c."'>"; $row["LastVoted"] ? print date("Y-m-d", $row["LastVoted"]) : print __("Never"); @@ -526,7 +565,7 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", # Display non-editable account info # -function display_account_info($U="", $T="", $E="", $R="", $I="", $LV="") { +function display_account_info($U="", $T="", $E="", $R="", $I="", $K="", $LV="") { # U: value to display for username # T: value to display for account type # E: value to display for email address @@ -575,6 +614,11 @@ function display_account_info($U="", $T="", $E="", $R="", $I="", $LV="") { print " </tr>\n"; print " <tr>\n"; + print " <td align='left'>".__("PGP Key Fingerprint").":</td>\n"; + print " <td align='left'>".html_format_pgp_fingerprint($K)."</td>\n"; + print " </tr>\n"; + + print " <tr>\n"; print " <td align='left'>".__("Last Voted").":</td>\n"; print " <td align='left'>"; print $LV ? date("Y-m-d", $LV) : __("Never"); @@ -784,6 +828,15 @@ function valid_passwd( $userID, $passwd, $dbh ) } /* + * Checks if the PGP key fingerprint is valid (must be 40 hexadecimal digits). + */ +function valid_pgp_fingerprint ( $fingerprint ) +{ + $fingerprint = str_replace(" ", "", $fingerprint); + return (strlen($fingerprint) == 40 && ctype_xdigit($fingerprint)); +} + +/* * Is the user account suspended? */ function user_suspended( $id, $dbh ) -- 1.7.9.4

2 2

[aur-dev] pdftk unusable
by tt＠bu.edu 22 Mar '12

22 Mar '12

I have errors from pdftk, and the pdf files that come out are unusable. Any suggestions, or links to a usable pdftk source or monolithic bynary? Thanks, Tommaso Toffoli I just installed the pdftk 1.44-5 (AUR package) in a freshly installed Arch Linux 64-bit system. I installed this package first manually, directly from AUR, and a second time using Yaourt, with exactly the same results. [I had used pdftk on the previous install (a couple of months ago) of Arch Linux on the same machine, and that had been working without any problems. Also, the latter installed instantly, while the new one had to go through half an hour of an enormous gcc-gcj installation.] Nature of the problem When I run pdftk I get the following messages: tt@pks:~/beazwork$ pdftk body.pdf cat 645 output page.pdf Unhandled Java Exception: Unhandled Java Exception: java.lang.NullPointerException at gnu.gcj.runtime.NameFinder.lookup(libgcj.so.12) at java.lang.Throwable.getStackTrace(libgcj.so.12) at java.lang.Throwable.stackTraceString(libgcj.so.12) at java.lang.Throwable.printStackTrace(libgcj.so.12) at java.lang.Throwable.printStackTrace(libgcj.so.12) When I play back the resulting file, I get the following messages: tt@pks:~/beazwork$ xpdf page.pdf Warning: Cannot convert string "-*-helvetica-medium-r-normal--12-*-*-*-*-*-iso8859-1" to type FontStruct Warning: Cannot convert string "-*-courier-medium-r-normal--12-*-*-*-*-*-iso8859-1" to type FontStruct Warning: Cannot convert string "-*-times-bold-i-normal--20-*-*-*-*-*-iso8859-1" to type FontStruct Warning: Cannot convert string "-*-times-medium-r-normal--14-*-*-*-*-*-iso8859-1" to type FontStruct Syntax Error: Couldn't read xref table Syntax Warning: PDF file is damaged - attempting to reconstruct xref table... Syntax Error: Couldn't find trailer dictionary Syntax Error: Couldn't read xref table Questions -- The gcc version currently supplied by Arch Linux is gcc 4.6.3. Mine is a 64-bit system; could it be an issue of 32 vs 64 bits? -- Is there a simpler, perhaps older, monolithic binary that I can use in the interim? -- Any hope I could be running pdftk again any time soon?

2 1

[aur-dev] [PATCH 0/2] Support canonical links to packages/accounts
by Lukas Fleischer 22 Mar '12

22 Mar '12

Resubmission of two patches I submitted to aur-dev about one and a half years ago. Not sure how I managed not to merge these into master :) Lukas Fleischer (2): Support canonical links to packages Support canonical links to accounts web/html/account.php | 6 +++++- web/html/packages.php | 14 ++++++++++++++ web/template/pkg_comments.php | 2 +- web/template/pkg_details.php | 8 +++++++- 4 files changed, 27 insertions(+), 3 deletions(-) -- 1.7.9.4

1 2

[aur-dev] [PATCH] Unify function declaration style
by Lukas Fleischer 22 Mar '12

22 Mar '12

Always put the opening brace on the same line as the beginning of the function declaration. Signed-off-by: Lukas Fleischer <archlinux(a)cryptocrack.de> --- web/lib/acctfuncs.inc.php | 24 ++++++++---------------- web/lib/aur.inc.php | 24 ++++++++---------------- web/lib/stats.inc.php | 9 +++------ 3 files changed, 19 insertions(+), 38 deletions(-) diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 8246cc9..da10f32 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -732,8 +732,7 @@ function try_login() { * Returns the username if it is valid * Returns nothing if it isn't valid */ -function valid_username( $user ) -{ +function valid_username($user) { if (!empty($user)) { #Is username at not too short or too long? @@ -759,8 +758,7 @@ function valid_username( $user ) * Checks if the username is valid and if it exists in the database * Returns the username ID or nothing */ -function valid_user( $user, $dbh ) -{ +function valid_user($user, $dbh) { /* if ( $user = valid_username($user) ) { */ if ( $user ) { $q = "SELECT ID FROM Users WHERE Username = '" @@ -776,8 +774,7 @@ function valid_user( $user, $dbh ) return; } -function good_passwd( $passwd ) -{ +function good_passwd($passwd) { if ( strlen($passwd) >= PASSWD_MIN_LEN ) { return true; } @@ -787,8 +784,7 @@ function good_passwd( $passwd ) /* Verifies that the password is correct for the userID specified. * Returns true or false */ -function valid_passwd( $userID, $passwd, $dbh ) -{ +function valid_passwd($userID, $passwd, $dbh) { if ( strlen($passwd) > 0 ) { # get salt for this user $salt = get_salt($userID); @@ -830,8 +826,7 @@ function valid_passwd( $userID, $passwd, $dbh ) /* * Checks if the PGP key fingerprint is valid (must be 40 hexadecimal digits). */ -function valid_pgp_fingerprint ( $fingerprint ) -{ +function valid_pgp_fingerprint($fingerprint) { $fingerprint = str_replace(" ", "", $fingerprint); return (strlen($fingerprint) == 40 && ctype_xdigit($fingerprint)); } @@ -839,8 +834,7 @@ function valid_pgp_fingerprint ( $fingerprint ) /* * Is the user account suspended? */ -function user_suspended( $id, $dbh ) -{ +function user_suspended($id, $dbh) { if (!$id) { return false; } @@ -858,8 +852,7 @@ function user_suspended( $id, $dbh ) /* * This should be expanded to return something */ -function user_delete( $id, $dbh ) -{ +function user_delete($id, $dbh) { $q = "DELETE FROM Users WHERE ID = " . $id; db_query($q, $dbh); return; @@ -869,8 +862,7 @@ function user_delete( $id, $dbh ) * A different way of determining a user's privileges * rather than account_from_sid() */ -function user_is_privileged( $id, $dbh ) -{ +function user_is_privileged($id, $dbh) { $q = "SELECT AccountTypeID FROM Users WHERE ID = " . $id; $result = db_query($q, $dbh); if ($result) { diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 7c92bb6..985558f 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -386,8 +386,7 @@ function chmod_group($path) { # obtain the uid given a Users.Username # -function uid_from_username($username="", $dbh=NULL) -{ +function uid_from_username($username="", $dbh=NULL) { if (!$username) { return ""; } @@ -407,8 +406,7 @@ function uid_from_username($username="", $dbh=NULL) # obtain the uid given a Users.Email # -function uid_from_email($email="", $dbh=NULL) -{ +function uid_from_email($email="", $dbh=NULL) { if (!$email) { return ""; } @@ -428,8 +426,7 @@ function uid_from_email($email="", $dbh=NULL) # check user privileges # -function check_user_privileges() -{ +function check_user_privileges() { $type = account_from_sid($_COOKIE['AURSID']); return ($type == 'Trusted User' || $type == 'Developer'); } @@ -468,8 +465,7 @@ function mkurl($append) { return substr($out, 5); } -function get_salt($user_id, $dbh=NULL) -{ +function get_salt($user_id, $dbh=NULL) { if(!$dbh) { $dbh = db_connect(); } @@ -482,8 +478,7 @@ function get_salt($user_id, $dbh=NULL) return; } -function save_salt($user_id, $passwd, $dbh=NULL) -{ +function save_salt($user_id, $passwd, $dbh=NULL) { if(!$dbh) { $dbh = db_connect(); } @@ -494,21 +489,18 @@ function save_salt($user_id, $passwd, $dbh=NULL) return db_query($salting_q, $dbh); } -function generate_salt() -{ +function generate_salt() { return md5(uniqid(mt_rand(), true)); } -function salted_hash($passwd, $salt) -{ +function salted_hash($passwd, $salt) { if (strlen($salt) != 32) { trigger_error('Salt does not look like an md5 hash', E_USER_WARNING); } return md5($salt . $passwd); } -function parse_comment($comment) -{ +function parse_comment($comment) { $url_pattern = '/(\b(?:https?|ftp):\/\/[\w\/\#~:.?+=&%@!\-;,]+?' . '(?=[.:?\-;,]*(?:[^\w\/\#~:.?+=&%@!\-;,]|$)))/iS'; diff --git a/web/lib/stats.inc.php b/web/lib/stats.inc.php index 8f0f770..01e6700 100644 --- a/web/lib/stats.inc.php +++ b/web/lib/stats.inc.php @@ -2,8 +2,7 @@ include_once('aur.inc.php'); -function updates_table($dbh) -{ +function updates_table($dbh) { $key = 'recent_updates'; if(!($newest_packages = get_cache_value($key))) { $q = 'SELECT * FROM Packages ORDER BY ModifiedTS DESC LIMIT 10'; @@ -18,8 +17,7 @@ function updates_table($dbh) include('stats/updates_table.php'); } -function user_table($user, $dbh) -{ +function user_table($user, $dbh) { $escuser = db_escape_string($user); $base_q = "SELECT count(*) FROM Packages,Users WHERE Packages.MaintainerUID = Users.ID AND Users.Username='" . $escuser . "'"; @@ -37,8 +35,7 @@ function user_table($user, $dbh) include('stats/user_table.php'); } -function general_stats_table($dbh) -{ +function general_stats_table($dbh) { # AUR statistics $q = "SELECT count(*) FROM Packages"; $unsupported_count = db_cache_value($q, $dbh, 'unsupported_count'); -- 1.7.9.4

1 0

[aur-dev] [PATCH] valid_email :: check if domain part is real
by BlackEagle 21 Mar '12

21 Mar '12

this can be used as an intermediate 'patch' util there is a validation system in place. the extra check is to verify that the domain part of a correctly formatted email address is existing and in use. this will not at all stop spammers since they can use bogus emails with valid domain parts --- web/lib/aur.inc.php | 13 ++++++++++++- 1 files changed, 12 insertions(+), 1 deletions(-) diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index c662b80..001f23f 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -80,7 +80,18 @@ function check_sid($dbh=NULL) { # verify that an email address looks like it is legitimate # function valid_email($addy) { - return (filter_var($addy, FILTER_VALIDATE_EMAIL) !== false); + // check against RFC 3696 + if(filter_var($addy, FILTER_VALIDATE_EMAIL) === false) { + return false; + } + + // check dns for mx, a, aaaa records + list($local, $domain) = explode('@', $addy); + if(! (checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A') || checkdnsrr($domain, 'AAAA'))) { + return false; + } + + return true; } # a new seed value for mt_srand() -- 1.7.9.1

2 1

[aur-dev] [PATCH] valid_email :: add dns check
by BlackEagle 21 Mar '12

21 Mar '12

When an email address is of the correct format check if there is an mx record for the domain part. This forces people wanting to trash something in aur to use a domain part with an mx record. This will not stop invalid email, it only adds an extra check and a possible help for typos. Signed-off-by: BlackEagle <ike.devolder(a)gmail.com> --- web/lib/aur.inc.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index c662b80..7e9d7de 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -80,7 +80,14 @@ function check_sid($dbh=NULL) { # verify that an email address looks like it is legitimate # function valid_email($addy) { - return (filter_var($addy, FILTER_VALIDATE_EMAIL) !== false); + if (filter_var($addy, FILTER_VALIDATE_EMAIL) === false) + return false; + + $domain = substr($addy, strrpos($addy, '@')+1); + if (!checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A')) + return false; + + return true; } # a new seed value for mt_srand() -- 1.7.9.4

5 15

[aur-dev] [PATCH] pkgsubmit: count actual subdirectories
by Dave Reisner 19 Mar '12

19 Mar '12

Rather than relying on a regex, detect directories in the uploaded tarball and count the slashes. This avoids problems with bsdtar inserting PaxHeader attributes into the archive which look something like the following to Archive_Tar: PaxHeader/xcursor-protozoa xcursor-protozoa/ xcursor-protozoa/PaxHeader/PKGBUILD xcursor-protozoa/PKGBUILD This only occurs on certain filesystems (e.g. jfs), but the tarball is by no means invalid. When extracted, it will only contain the PKGBUILD within a single subdirectory. Signed-off-by: Dave Reisner <dreisner(a)archlinux.org> --- web/html/pkgsubmit.php | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 75a4b69..5f5ba30 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -63,16 +63,13 @@ if ($uid): # Extract PKGBUILD into a string $pkgbuild_raw = ''; - $dircount = 0; foreach ($tar->listContent() as $tar_file) { if (preg_match('/^[^\/]+\/PKGBUILD$/', $tar_file['filename'])) { $pkgbuild_raw = $tar->extractInString($tar_file['filename']); } - elseif (preg_match('/^[^\/]+\/$/', $tar_file['filename'])) { - if (++$dircount > 1) { - $error = __("Error - source tarball may not contain more than one directory."); - break; - } + elseif ($tar_file['filetype'] == 5 && count(explode(',', $tar_file['filename'])) > 1) { + $error = __("Error - source tarball may not contain more than one directory."); + break; } elseif (preg_match('/^[^\/]+$/', $tar_file['filename'])) { $error = __("Error - source tarball may not contain files outside a directory."); -- 1.7.9.4

3 5

[aur-dev] [PATCH] [FS#28839] Query package details directly by name
by Dario Giovannetti 09 Mar '12

09 Mar '12

Currently package-detail pages are retrieved only with "packages.php?ID=#". I've attached two possible patches to bug report FS#28839 ( https://bugs.archlinux.org/task/28839 ) that could enable querying by package name: the first one just adds an elseif in packages.php, the second one rewrites an if block avoiding some duplication of code. PATCH_1: https://bugs.archlinux.org/task/28839?getfile=8371 PATCH_2: https://bugs.archlinux.org/task/28839?getfile=8372 A new GET variable is introduced, "NAME", and this way package details could be queried also with "packages.php?NAME=pkgname". If "NAME" conflicts with an existing variable, possible alternatives are "PNAME", "PKGNAME", "pkgname" and so on. Note that the patches use `urldecode($_GET['NAME'])`, so names should be obviously url-encoded in the string. This is already supported by https://wiki.archlinux.org/index.php/Template:AUR This request is the result of the discussion in https://wiki.archlinux.org/index.php/User_talk:Det#Templates%20vs%20links. Thank you, Dario

1 0

[aur-dev] AUR 1.9.1 released
by Lukas Fleischer 09 Mar '12

09 Mar '12

Important changes: * Fixes for minor SQL injection vulnerabilities * Fixes for several XSS vulnerabilities * Several minor bug fixes * Translation updates Check the Git log [1] for a complete list. The official Arch Linux AUR setup [2] has already been upgraded! [1] http://projects.archlinux.org/aur.git/log/?id=v1.9.1 [2] https://aur.archlinux.org/

1 0

[aur-dev] [PATCH] Always set the "To:" header when sending mail
by Lukas Fleischer 08 Mar '12

08 Mar '12

Use "undisclosed-recipients: ;" when sending mass notifications (such as comment notifications and the like. Addresses FS#28229. Signed-off-by: Lukas Fleischer <archlinux(a)cryptocrack.de> --- web/html/passreset.php | 4 ++-- web/lib/pkgfuncs.inc.php | 2 +- web/template/pkg_comment_form.php | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/web/html/passreset.php b/web/html/passreset.php index 82be3ef..98aa685 100644 --- a/web/html/passreset.php +++ b/web/html/passreset.php @@ -70,8 +70,8 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir "{$AUR_LOCATION}/passreset.php?". "resetkey={$resetkey}"; $body = wordwrap($body, 70); - $headers = "To: {$email}\nReply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR"; - @mail(' ', 'AUR Password Reset', $body, $headers); + $headers = "Reply-to: nobody@archlinux.org\nFrom:aur-notify@archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR"; + @mail($email, 'AUR Password Reset', $body, $headers); } header('Location: passreset.php?step=confirm'); diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php index 4204019..7b71ef4 100644 --- a/web/lib/pkgfuncs.inc.php +++ b/web/lib/pkgfuncs.inc.php @@ -745,7 +745,7 @@ function pkg_delete ($atype, $ids, $mergepkgid, $dbh=NULL) { $body = wordwrap($body, 70); $bcc = implode(', ', $bcc); $headers = "Bcc: $bcc\nReply-to: nobody(a)archlinux.org\nFrom: aur-notify(a)archlinux.org\nX-Mailer: AUR\n"; - @mail(' ', "AUR Package deleted: " . $pkgname, $body, $headers); + @mail('undisclosed-recipients: ;', "AUR Package deleted: " . $pkgname, $body, $headers); } } diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php index a2bbf71..7606ce9 100644 --- a/web/template/pkg_comment_form.php +++ b/web/template/pkg_comment_form.php @@ -43,7 +43,7 @@ if (isset($_REQUEST['comment'])) { $body = wordwrap($body, 70); $bcc = implode(', ', $bcc); $headers = "Bcc: $bcc\nReply-to: nobody(a)archlinux.org\nFrom: aur-notify(a)archlinux.org\nX-Mailer: AUR\n"; - @mail(' ', "AUR Comment for " . $row['Name'], $body, $headers); + @mail('undisclosed-recipients: ;', "AUR Comment for " . $row['Name'], $body, $headers); } } -- 1.7.9.3

1 0