[aur-dev] [PATCH 1/2] Add a new AUR_LOCATION setting

Lukas Fleischer archlinux at cryptocrack.de
Mon Oct 24 14:04:12 EDT 2011 

On Fri, Oct 21, 2011 at 03:15:55PM -0500, Dan McGee wrote:
> This should be set to something like 'http://localhost' for development
> or 'https://aur.archlinux.org' in production. It ensures all links in
> the site stay in the development site and there is no sudden jump from
> development to production environments.
> 
> Signed-off-by: Dan McGee <dan at archlinux.org>
> ---
> 
> Resubmit v2- tested the pages, correct syntax on variable definition, and
> use 'global' keyword where appropriate.
> 
>  web/html/passreset.php            |    2 +-
>  web/lib/aur.inc.php               |    1 +
>  web/lib/config.inc.php.proto      |    3 +++
>  web/lib/pkgfuncs.inc.php          |    6 +++++-
>  web/template/header.php           |    2 +-
>  web/template/login_form.php       |    2 +-
>  web/template/pkg_comment_form.php |    4 ++--
>  7 files changed, 14 insertions(+), 6 deletions(-)

Mh. This breaks the "switch to HTTPs" feature if you use "http://" as
prefix. The only two solutions that come to my mind are:

* Make the host name configurable only and prepend the protocol part
  where appropriate.

* Do not support HTTPs unless you specify "https://". This makes sense
  to me but should be documented..?

> 
> diff --git a/web/html/passreset.php b/web/html/passreset.php
> index 01f3204..47d649d 100644
> --- a/web/html/passreset.php
> +++ b/web/html/passreset.php
> @@ -67,7 +67,7 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
>  		           'your password follow the link below, otherwise ignore '.
>  		           'this message and nothing will happen.').
>  		           "\n\n".
> -		           'https://aur.archlinux.org/passreset.php?'.
> +		           "{$AUR_LOCATION}/passreset.php?".
>  		           "resetkey={$resetkey}";
>  		$body = wordwrap($body, 70);
>  		$headers = "To: {$email}\nReply-to: nobody at archlinux.org\nFrom:aur-notify at archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR";
> diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
> index f432697..315092c 100644
> --- a/web/lib/aur.inc.php
> +++ b/web/lib/aur.inc.php
> @@ -327,6 +327,7 @@ function html_header($title="") {
>  	global $LANG;
>  	global $SUPPORTED_LANGS;
>  	global $DISABLE_HTTP_LOGIN;
> +	global $AUR_LOCATION;
>  
>  	if (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])) {
>  		$login = try_login();
> diff --git a/web/lib/config.inc.php.proto b/web/lib/config.inc.php.proto
> index fbade86..3230815 100644
> --- a/web/lib/config.inc.php.proto
> +++ b/web/lib/config.inc.php.proto
> @@ -77,3 +77,6 @@ $MAX_FILESIZE_UNCOMPRESSED = 1024 * 1024 * 8;
>  
>  # Allow HTTPs logins only
>  $DISABLE_HTTP_LOGIN = true;
> +
> +# Web URL used in email links and absolute redirects, no trailing slash
> +$AUR_LOCATION = "http://localhost";
> diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
> index 3e89fa3..f3e9134 100644
> --- a/web/lib/pkgfuncs.inc.php
> +++ b/web/lib/pkgfuncs.inc.php
> @@ -301,6 +301,8 @@ function pkgname_is_blacklisted($name, $dbh=NULL) {
>  # display package details
>  #
>  function package_details($id=0, $SID="", $dbh=NULL) {
> +	global $AUR_LOCATION;
> +
>  	if(!$dbh) {
>  		$dbh = db_connect();
>  	}
> @@ -620,6 +622,8 @@ function sanitize_ids($ids) {
>   * @return string Translated success or error messages
>   */
>  function pkg_flag ($atype, $ids, $action=true, $dbh=NULL) {
> +	global $AUR_LOCATION;
> +
>  	if (!$atype) {
>  		if ($action) {
>  			return __("You must be logged in before you can flag packages.");
> @@ -666,7 +670,7 @@ function pkg_flag ($atype, $ids, $action=true, $dbh=NULL) {
>  		if (mysql_num_rows($result)) {
>  			while ($row = mysql_fetch_assoc($result)) {
>  				# construct email
> -				$body = "Your package " . $row['Name'] . " has been flagged out of date by " . $f_name . " [1]. You may view your package at:\nhttps://aur.archlinux.org/packages.php?ID=" . $row['ID'] . "\n\n[1] - https://aur.archlinux.org/account.php?Action=AccountInfo&ID=" . $f_uid;
> +				$body = "Your package " . $row['Name'] . " has been flagged out of date by " . $f_name . " [1]. You may view your package at:\n" . $AUR_LOCATION . "/packages.php?ID=" . $row['ID'] . "\n\n[1] - " . $AUR_LOCATION . "/account.php?Action=AccountInfo&ID=" . $f_uid;
>  				$body = wordwrap($body, 70);
>  				$headers = "Reply-to: nobody at archlinux.org\nFrom:aur-notify at archlinux.org\nX-Mailer: PHP\nX-MimeOLE: Produced By AUR\n";
>  				@mail($row['Email'], "AUR Out-of-date Notification for ".$row['Name'], $body, $headers);
> diff --git a/web/template/header.php b/web/template/header.php
> index 8313bb3..73486b4 100644
> --- a/web/template/header.php
> +++ b/web/template/header.php
> @@ -23,7 +23,7 @@
>  					<li id="anb-forums"><a href="https://bbs.archlinux.org/" title="Community forums">Forums</a></li>
>  					<li id="anb-wiki"><a href="https://wiki.archlinux.org/" title="Community documentation">Wiki</a></li>
>  					<li id="anb-bugs"><a href="https://bugs.archlinux.org/" title="Report and track bugs">Bugs</a></li>
> -					<li id="anb-aur"><a href="https://aur.archlinux.org/" title="Arch Linux User Repository">AUR</a></li>
> +					<li id="anb-aur"><a href="/" title="Arch Linux User Repository">AUR</a></li>
>  					<li id="anb-download"><a href="http://www.archlinux.org/download/" title="Get Arch Linux">Download</a></li>
>  				</ul>
>  			</div>
> diff --git a/web/template/login_form.php b/web/template/login_form.php
> index c27e9ba..21bdaa7 100644
> --- a/web/template/login_form.php
> +++ b/web/template/login_form.php
> @@ -32,7 +32,7 @@ else {
>  ?>
>  <span class='error'>
>  	<?php printf(__("HTTP login is disabled. Please %sswitch to HTTPs%s if you want to login."),
> -		'<a href="https://aur.archlinux.org' . htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) . '">', '</a>'); ?>
> +		'<a href="' . $AUR_LOCATION . htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) . '">', '</a>'); ?>
>  </span>
>  <?php } ?>
>  </div>
> diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php
> index e52c92d..c6ed69a 100644
> --- a/web/template/pkg_comment_form.php
> +++ b/web/template/pkg_comment_form.php
> @@ -35,9 +35,9 @@ if (isset($_REQUEST['comment'])) {
>  		# Simply making these strings translatable won't work, users would be
>  		# getting emails in the language that the user who posted the comment was in
>  		$body =
> -		'from https://aur.archlinux.org/packages.php?ID='
> +		'from ' . $AUR_LOCATION . '/packages.php?ID='
>  		. $_REQUEST['ID'] . "\n"
> -		. username_from_sid($_COOKIE['AURSID']) . " wrote:\n\n"
> +		. username_from_sid($_COOKIE['AURSID'], $dbh) . " wrote:\n\n"
>  		. $_POST['comment']
>  		. "\n\n---\nIf you no longer wish to receive notifications about this package, please go the the above package page and click the UnNotify button.";
>  		$body = wordwrap($body, 70);
> -- 
> 1.7.7

More information about the aur-dev mailing list