From skazhy at gmail.com Thu May 5 10:30:31 2011 From: skazhy at gmail.com (=?UTF-8?Q?K=C4=81rlis?=) Date: Thu, 5 May 2011 11:30:31 +0300 Subject: [aur-dev] Patch submission for AUR login form Message-ID: Hi! This is my first patch submission for an open source project, I really hope that patch format is right. I added label fields in the aur login form (wrapping the "Username:", "Password:" and "Remember me"). Nothing fancy, but it will be better than trying to click in the small checkbox. Cheers, -Karlis -------------- next part -------------- A non-text attachment was scrubbed... Name: login_labels.patch Type: text/x-patch Size: 1687 bytes Desc: not available URL: From archlinux at cryptocrack.de Mon May 9 05:03:58 2011 From: archlinux at cryptocrack.de (Lukas Fleischer) Date: Mon, 9 May 2011 11:03:58 +0200 Subject: [aur-dev] Patch submission for AUR login form In-Reply-To: References: Message-ID: <20110509090358.GA23951@blizzard> On Thu, May 05, 2011 at 11:30:31AM +0300, K?rlis wrote: > Hi! > > This is my first patch submission for an open source project, I really > hope that patch format is right. I added label fields in the aur login > form (wrapping the "Username:", "Password:" and "Remember me"). > Nothing fancy, but it will be better than trying to click in the small > checkbox. Yeah, it's ok :) You may prefer to use git-send-email(1) which is what most people here use. > > Cheers, > -Karlis > From 9fa0f9e690e7426f5986f4f41b91a184aaa6d861 Mon Sep 17 00:00:00 2001 > From: Karlis Lauva > Date: Thu, 5 May 2011 09:19:59 +0300 > Subject: [PATCH] Added label tags for login form fields. > > --- > web/template/login_form.php | 11 ++++++----- > 1 files changed, 6 insertions(+), 5 deletions(-) > > diff --git a/web/template/login_form.php b/web/template/login_form.php > index ab00071..25bf4d0 100644 > --- a/web/template/login_form.php > +++ b/web/template/login_form.php > @@ -13,14 +13,15 @@ else { > ?> >
>
> - > - > + > - > - > - > + > + > + > + You should always use tabs for indentation. Amended that before pushing. > " /> > [] >
> -- > 1.7.5 > Thanks! :) From kachelaqa at gmail.com Tue May 10 16:20:24 2011 From: kachelaqa at gmail.com (kachelaqa) Date: Tue, 10 May 2011 21:20:24 +0100 Subject: [aur-dev] [PATCH] add subitter, first submitted and last modified to json output Message-ID: <4DC99E08.6030909@gmail.com> this patch is a follow up to my earlier feature request (FS#24183). --- web/lib/aurjson.class.php | 11 +++++++---- 1 files changed, 7 insertions(+), 4 deletions(-) diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 50cf6d0..2269edc 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -19,7 +19,7 @@ class AurJSON { ); private static $fields = array( 'Packages.ID', 'Name', 'Version', 'CategoryID', - 'Description', 'URL', 'License', + 'Description', 'URL', 'License', 'SubmittedTS', 'ModifiedTS', 'NumVotes', '(OutOfDateTS IS NOT NULL) AS OutOfDate' ); @@ -85,9 +85,12 @@ class AurJSON { private function process_query($type, $where_condition) { $fields = implode(',', self::$fields); - $query = "SELECT Users.Username as Maintainer, {$fields} " . - "FROM Packages LEFT JOIN Users " . - "ON Packages.MaintainerUID = Users.ID " . + $query = "SELECT {$fields}, " . + "mUsers.Username AS Maintainer, " . + "sUsers.Username AS Submitter " . + "FROM Packages " . + "LEFT JOIN Users AS mUsers ON Packages.MaintainerUID = mUsers.ID " . + "LEFT JOIN Users AS sUsers ON Packages.SubmitterUID = sUsers.ID " . "WHERE ${where_condition}"; $result = db_query($query, $this->dbh); -- 1.7.5.1 From kachelaqa at gmail.com Tue May 10 16:38:41 2011 
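Review bot: The rewritten `$query` statement in `process_query()` mixes two interpolation syntaxes: the new lines use `{$fields}` while the surviving last fragment still uses `"WHERE ${where_condition}"`, the `${}` form PHP later deprecated. Since the hunk already rewrites six of the seven lines of this statement, normalize the last one too, `"WHERE {$where_condition}";`, so the statement reads uniformly. The same applies to the amended resends of this patch later in the thread. process_query's body continues outside the hunk.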
From: kachelaqa at gmail.com (kachelaqa) Date: Tue, 10 May 2011 21:38:41 +0100 Subject: [aur-dev] [PATCH] add subitter, first submitted and last modified to json output In-Reply-To: <4DC99E08.6030909@gmail.com> References: <4DC99E08.6030909@gmail.com> Message-ID: <4DC9A251.5010600@gmail.com> On 10/05/11 21:20, kachelaqa wrote: > this patch is a follow up to my earlier feature request (FS#24183). amended patch with correct line lengths. --- web/lib/aurjson.class.php | 13 +++++++++---- 1 files changed, 9 insertions(+), 4 deletions(-) diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 50cf6d0..97793cc 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -19,7 +19,7 @@ class AurJSON { ); private static $fields = array( 'Packages.ID', 'Name', 'Version', 'CategoryID', - 'Description', 'URL', 'License', + 'Description', 'URL', 'License', 'SubmittedTS', 'ModifiedTS', 'NumVotes', '(OutOfDateTS IS NOT NULL) AS OutOfDate' ); @@ -85,9 +85,14 @@ class AurJSON { private function process_query($type, $where_condition) { $fields = implode(',', self::$fields); - $query = "SELECT Users.Username as Maintainer, {$fields} " . - "FROM Packages LEFT JOIN Users " . - "ON Packages.MaintainerUID = Users.ID " . + $query = "SELECT {$fields}, " . + "mUsers.Username AS Maintainer, " . + "sUsers.Username AS Submitter " . + "FROM Packages " . + "LEFT JOIN Users AS mUsers " . + "ON Packages.MaintainerUID = mUsers.ID " . + "LEFT JOIN Users AS sUsers " . + "ON Packages.SubmitterUID = sUsers.ID " . "WHERE ${where_condition}"; $result = db_query($query, $this->dbh); -- 1.7.5.1 From elij.mx at gmail.com Tue May 10 16:54:25 2011 
From: elij.mx at gmail.com (elij) Date: Tue, 10 May 2011 13:54:25 -0700 Subject: [aur-dev] [PATCH] add subitter, first submitted and last modified to json output In-Reply-To: <4DC99E08.6030909@gmail.com> References: <4DC99E08.6030909@gmail.com> Message-ID: On Tue, May 10, 2011 at 1:20 PM, kachelaqa wrote: > this patch is a follow up to my earlier feature request (FS#24183). Does anyone really care who the original submitter was? I think maintainer makes sense, but submitter? So, while I disagree with adding submitter, I think that adding last modified is a good idea. > --- > ?web/lib/aurjson.class.php | ? 11 +++++++---- > ?1 files changed, 7 insertions(+), 4 deletions(-) > > diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php > index 50cf6d0..2269edc 100644 > --- a/web/lib/aurjson.class.php > +++ b/web/lib/aurjson.class.php > @@ -19,7 +19,7 @@ class AurJSON { > ? ? ); > ? ? private static $fields = array( > ? ? ? ? 'Packages.ID', 'Name', 'Version', 'CategoryID', > - ? ? ? ?'Description', 'URL', 'License', > + ? ? ? ?'Description', 'URL', 'License', 'SubmittedTS', 'ModifiedTS', > ? ? ? ? 'NumVotes', '(OutOfDateTS IS NOT NULL) AS OutOfDate' > ? ? ); 
> > @@ -85,9 +85,12 @@ class AurJSON { > > ? ? private function process_query($type, $where_condition) { > ? ? ? ? $fields = implode(',', self::$fields); > - ? ? ? ?$query = "SELECT Users.Username as Maintainer, {$fields} " . > - ? ? ? ? ? ?"FROM Packages LEFT JOIN Users " . > - ? ? ? ? ? ?"ON Packages.MaintainerUID = Users.ID " . > + ? ? ? ?$query = "SELECT {$fields}, " . > + ? ? ? ? ? ?"mUsers.Username AS Maintainer, " . > + ? ? ? ? ? ?"sUsers.Username AS Submitter " . > + ? ? ? ? ? ?"FROM Packages " . > + ? ? ? ? ? ?"LEFT JOIN Users AS mUsers ON Packages.MaintainerUID = > mUsers.ID " . > + ? ? ? ? ? ?"LEFT JOIN Users AS sUsers ON Packages.SubmitterUID = sUsers.ID > " . Does this need to be a left join? I could see the need for a left join on maintainer, due to a a package not having a maintainer, but do we have any packages without a submitter? If not, then an inner join would probably be faster, since it wouldn't have to _basically_ do the inner join and THEN try to find any null columns and add those too. > ? ? ? ? ? ? "WHERE ${where_condition}"; > ? ? ? ? $result = db_query($query, $this->dbh); > > -- > 1.7.5.1 > From kachelaqa at gmail.com Tue May 10 17:04:16 2011 
From: kachelaqa at gmail.com (kachelaqa) Date: Tue, 10 May 2011 22:04:16 +0100 Subject: [aur-dev] [PATCH] add subitter, first submitted and last modified to json output In-Reply-To: References: <4DC99E08.6030909@gmail.com> Message-ID: <4DC9A850.3020303@gmail.com> On 10/05/11 21:54, elij wrote: > On Tue, May 10, 2011 at 1:20 PM, kachelaqa wrote: >> this patch is a follow up to my earlier feature request (FS#24183). > > Does anyone really care who the original submitter was? > I think maintainer makes sense, but submitter? submitter is currently shown on the package details page, as is first submitted. > So, while I disagree with adding submitter, I think that adding last > modified is a good idea. i think all the available information should be included. >> --- >> web/lib/aurjson.class.php | 11 +++++++---- >> 1 files changed, 7 insertions(+), 4 deletions(-) >> >> diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php >> index 50cf6d0..2269edc 100644 >> --- a/web/lib/aurjson.class.php >> +++ b/web/lib/aurjson.class.php >> @@ -19,7 +19,7 @@ class AurJSON { >> ); >> private static $fields = array( >> 'Packages.ID', 'Name', 'Version', 'CategoryID', >> - 'Description', 'URL', 'License', >> + 'Description', 'URL', 'License', 'SubmittedTS', 'ModifiedTS', >> 'NumVotes', '(OutOfDateTS IS NOT NULL) AS OutOfDate' >> ); 
>> >> @@ -85,9 +85,12 @@ class AurJSON { >> >> private function process_query($type, $where_condition) { >> $fields = implode(',', self::$fields); >> - $query = "SELECT Users.Username as Maintainer, {$fields} " . >> - "FROM Packages LEFT JOIN Users " . >> - "ON Packages.MaintainerUID = Users.ID " . >> + $query = "SELECT {$fields}, " . >> + "mUsers.Username AS Maintainer, " . >> + "sUsers.Username AS Submitter " . >> + "FROM Packages " . >> + "LEFT JOIN Users AS mUsers ON Packages.MaintainerUID = >> mUsers.ID " . >> + "LEFT JOIN Users AS sUsers ON Packages.SubmitterUID = sUsers.ID >> " . > > Does this need to be a left join? > I could see the need for a left join on maintainer, due to a a package > not having a maintainer, but do we have any packages without a > submitter? > > If not, then an inner join would probably be faster, since it wouldn't > have to _basically_ do the inner join and THEN try to find any null > columns and add those too. okay - i will change that and re-submit the patch later. >> "WHERE ${where_condition}"; >> $result = db_query($query, $this->dbh); >> >> -- >> 1.7.5.1 >> > From kachelaqa at gmail.com Tue May 10 18:06:36 2011 
From: kachelaqa at gmail.com (kachelaqa) Date: Tue, 10 May 2011 23:06:36 +0100 Subject: [aur-dev] [PATCH] add subitter, first submitted and last modified to json output In-Reply-To: <4DC9A850.3020303@gmail.com> References: <4DC99E08.6030909@gmail.com> <4DC9A850.3020303@gmail.com> Message-ID: <4DC9B6EC.2000004@gmail.com> On 10/05/11 22:04, kachelaqa wrote: > On 10/05/11 21:54, elij wrote: >> Does this need to be a left join? >> I could see the need for a left join on maintainer, due to a a package >> not having a maintainer, but do we have any packages without a >> submitter? >> >> If not, then an inner join would probably be faster, since it wouldn't >> have to _basically_ do the inner join and THEN try to find any null >> columns and add those too. > > okay - i will change that and re-submit the patch later. here is the amended patch. --- web/lib/aurjson.class.php | 13 +++++++++---- 1 files changed, 9 insertions(+), 4 deletions(-) diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 50cf6d0..1518edb 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -19,7 +19,7 @@ class AurJSON { ); private static $fields = array( 'Packages.ID', 'Name', 'Version', 'CategoryID', - 'Description', 'URL', 'License', + 'Description', 'URL', 'License', 'SubmittedTS', 'ModifiedTS', 'NumVotes', '(OutOfDateTS IS NOT NULL) AS OutOfDate' ); 
@@ -85,9 +85,14 @@ class AurJSON { private function process_query($type, $where_condition) { $fields = implode(',', self::$fields); - $query = "SELECT Users.Username as Maintainer, {$fields} " . - "FROM Packages LEFT JOIN Users " . - "ON Packages.MaintainerUID = Users.ID " . + $query = "SELECT {$fields}, " . + "mUsers.Username AS Maintainer, " . + "sUsers.Username AS Submitter " . + "FROM Packages " . + "LEFT JOIN Users AS mUsers " . + "ON Packages.MaintainerUID = mUsers.ID " . + "INNER JOIN Users AS sUsers " . + "ON Packages.SubmitterUID = sUsers.ID " . "WHERE ${where_condition}"; $result = db_query($query, $this->dbh); -- 1.7.5.1 From elij.mx at gmail.com Tue May 10 18:17:41 2011 
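Review bot: The `INNER JOIN Users AS sUsers` added here drops every package whose `SubmitterUID` has no matching `Users` row instead of returning it with a null `Submitter`, so such packages silently vanish from every RPC result. Accounts do go away: `user_delete()` in `acctfuncs.inc`, shown in a patch later in this thread, runs `DELETE FROM Users WHERE ID = ...`, and `[PATCH 1/4]` in the same thread stops writing `SubmitterUID` on submission, after which newly submitted packages would never match at all. Unless the schema guarantees a live submitter for every row (not visible here), keep the outer join, `"LEFT JOIN Users AS sUsers " .`, and let `Submitter` be null. process_query's body continues outside the hunk.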
From: elij.mx at gmail.com (elij) Date: Tue, 10 May 2011 15:17:41 -0700 Subject: [aur-dev] [PATCH] add subitter, first submitted and last modified to json output In-Reply-To: <4DC9A850.3020303@gmail.com> References: <4DC99E08.6030909@gmail.com> <4DC9A850.3020303@gmail.com> Message-ID: On Tue, May 10, 2011 at 2:04 PM, kachelaqa wrote: > On 10/05/11 21:54, elij wrote: >> >> On Tue, May 10, 2011 at 1:20 PM, kachelaqa wrote: >>> >>> this patch is a follow up to my earlier feature request (FS#24183). >> >> Does anyone really care who the original submitter was? >> I think maintainer makes sense, but submitter? > > submitter is currently shown on the package details page, as is first > submitted. > >> So, while I disagree with adding submitter, I think that adding last >> modified is a good idea. > > i think all the available information should be included. I disagree with such a broad statement as this. By that logic all comments should be included too, which I also think would be a bad idea. Perhaps you meant 'all package table data', which (while I would still disagree with in this instance) would be more reasonable. I think it makes sense to include data that is useful, while excluding data that is either unused or of very little use *in the context of the api*. In general, I am a minimalist. Also keep in mind traffic volume, and note that additional data points means more [bytes] traffic sent down the pipe to end users. The rpc is a fairly high volume interface, as Dan has previously outlined based on server logs. This point probably isn't such a large concern for the small amount of data that this patch adds to the result set, but something like including comments would be very much at odds with the api design and goals. I include this point for completeness only. As an aside, I would argue that the submitter field should be removed from the aur altogether, as the current maintainer is the only really useful datapoint of the two. 
>>> --- >>> ?web/lib/aurjson.class.php | ? 11 +++++++---- >>> ?1 files changed, 7 insertions(+), 4 deletions(-) >>> >>> diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php >>> index 50cf6d0..2269edc 100644 >>> --- a/web/lib/aurjson.class.php >>> +++ b/web/lib/aurjson.class.php >>> @@ -19,7 +19,7 @@ class AurJSON { >>> ? ? ); >>> ? ? private static $fields = array( >>> ? ? ? ? 'Packages.ID', 'Name', 'Version', 'CategoryID', >>> - ? ? ? ?'Description', 'URL', 'License', >>> + ? ? ? ?'Description', 'URL', 'License', 'SubmittedTS', 'ModifiedTS', >>> ? ? ? ? 'NumVotes', '(OutOfDateTS IS NOT NULL) AS OutOfDate' >>> ? ? ); >>> >>> @@ -85,9 +85,12 @@ class AurJSON { >>> >>> ? ? private function process_query($type, $where_condition) { >>> ? ? ? ? $fields = implode(',', self::$fields); >>> - ? ? ? ?$query = "SELECT Users.Username as Maintainer, {$fields} " . >>> - ? ? ? ? ? ?"FROM Packages LEFT JOIN Users " . >>> - ? ? ? ? ? ?"ON Packages.MaintainerUID = Users.ID " . >>> + ? ? ? ?$query = "SELECT {$fields}, " . >>> + ? ? ? ? ? ?"mUsers.Username AS Maintainer, " . >>> + ? ? ? ? ? ?"sUsers.Username AS Submitter " . >>> + ? ? ? ? ? ?"FROM Packages " . >>> + ? ? ? ? ? ?"LEFT JOIN Users AS mUsers ON Packages.MaintainerUID = >>> mUsers.ID " . >>> + ? ? ? ? ? ?"LEFT JOIN Users AS sUsers ON Packages.SubmitterUID = >>> sUsers.ID >>> " . >> >> Does this need to be a left join? >> I could see the need for a left join on maintainer, due to a a package >> not having a maintainer, but do we have any packages without a >> submitter? >> >> If not, then an inner join would probably be faster, since it wouldn't >> have to _basically_ do the inner join and THEN try to find any null >> columns and add those too. > > okay - i will change that and re-submit the patch later. > >>> ? ? ? ? ? ? "WHERE ${where_condition}"; >>> ? ? ? ? $result = db_query($query, $this->dbh); >>> >>> -- >>> 1.7.5.1 >>> >> > > From kachelaqa at gmail.com Tue May 10 18:44:56 2011 
From: kachelaqa at gmail.com (kachelaqa) Date: Tue, 10 May 2011 23:44:56 +0100 Subject: [aur-dev] [PATCH] add subitter, first submitted and last modified to json output In-Reply-To: References: <4DC99E08.6030909@gmail.com> <4DC9A850.3020303@gmail.com> Message-ID: <4DC9BFE8.9020109@gmail.com> On 10/05/11 23:17, elij wrote: > On Tue, May 10, 2011 at 2:04 PM, kachelaqa wrote: >> i think all the available information should be included. > > I disagree with such a broad statement as this. > By that logic all comments should be included too, which I also think > would be a bad idea. > Perhaps you meant 'all package table data', which (while I would still > disagree with in this instance) would be more reasonable. yes, that is what i meant - just the package table data. > I think it makes sense to include data that is useful, while excluding > data that is either unused or of very little use *in the context of > the api*. In general, I am a minimalist. i agree that submitter is by far the least useful item of information. > Also keep in mind traffic volume, and note that additional data points > means more [bytes] traffic sent down the pipe to end users. The rpc is > a fairly high volume interface, as Dan has previously outlined based > on server logs. This point probably isn't such a large concern for the > small amount of that this patch adds to the result set, but something > like including comments would be very much at odds with the api design > and goals. I include this point for completeness only. this is actually the main aim of my patch. currently, it is necessary to make three separate queries to get all the information about a package. one for the rpc data, one to scrape 'maintainer', 'last updated', etc from the package details page, and one for the pkgbuild. the second query can be eliminated altogether if all the package table data can be obtained from the rpc query. 
> As an aside, I would argue that the submitter field should be removed > from the aur altogether, as the current maintainer is the only really > useful datapoint of the two. i have no problem with this, at all. maybe i should revise my patch to add only the 'last updated' and 'first submitted' data. it would certainly make it a lot simpler! From elij.mx at gmail.com Wed May 11 00:01:26 2011 From: elij.mx at gmail.com (elij) Date: Tue, 10 May 2011 21:01:26 -0700 Subject: [aur-dev] Couple of patches Message-ID: <1305086490-67882-1-git-send-email-elij.mx@gmail.com> Here are a few patches. The first patch removes the 'submitter' field from the web-ui package results. The second patch fixes several instances where db_query's result was not tested before performing mysql queries upon it. This patch might be a tad messy due to some unfortunate 'vim retab!' foolery. A result of forgetting to set noexpandtab before editing and writing out some changes. Mostly just a silly reformatting of some document strings. If the rest of the patch is wanted, I can rebase and re-edit this particular patch if desired. The third patch fixes an odd case I ran into where a user didn't exist, but a query was being performed anyway -- and relying on the sql failure to handle the lack of account. The final patch was just fixing an inconsistency I ran across, where depending on the error state, either a zero or an empty string was returned. php evaluates both to false, so it doesn't _really_ matter, but consistency is nice. :) From elij.mx at gmail.com Wed May 11 00:01:27 2011 
From: elij.mx at gmail.com (elij) Date: Tue, 10 May 2011 21:01:27 -0700 Subject: [aur-dev] [PATCH 1/4] remove submitter from package data In-Reply-To: <1305086490-67882-1-git-send-email-elij.mx@gmail.com> References: <1305086490-67882-1-git-send-email-elij.mx@gmail.com> Message-ID: <1305086490-67882-2-git-send-email-elij.mx@gmail.com> --- web/html/pkgsubmit.php | 3 +-- web/lib/pkgfuncs.inc | 10 +--------- web/template/pkg_details.php | 11 ----------- 3 files changed, 2 insertions(+), 22 deletions(-) diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 26608ea..4f0c076 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -339,7 +339,7 @@ if ($uid): } else { # This is a brand new package - $q = sprintf("INSERT INTO Packages (Name, License, Version, CategoryID, Description, URL, SubmittedTS, ModifiedTS, SubmitterUID, MaintainerUID) VALUES ('%s', '%s', '%s-%s', %d, '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), %d, %d)", + $q = sprintf("INSERT INTO Packages (Name, License, Version, CategoryID, Description, URL, SubmittedTS, ModifiedTS, MaintainerUID) VALUES ('%s', '%s', '%s-%s', %d, '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), %d)", mysql_real_escape_string($new_pkgbuild['pkgname']), mysql_real_escape_string($new_pkgbuild['license']), mysql_real_escape_string($new_pkgbuild['pkgver']), @@ -347,7 +347,6 @@ if ($uid): mysql_real_escape_string($_REQUEST['category']), mysql_real_escape_string($new_pkgbuild['pkgdesc']), mysql_real_escape_string($new_pkgbuild['url']), - $uid, $uid); db_query($q, $dbh); diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc index 7b43e45..c32037e 100644 --- a/web/lib/pkgfuncs.inc +++ b/web/lib/pkgfuncs.inc 
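Review bot: The rewritten INSERT in `pkgsubmit.php` stops writing `SubmitterUID`, but nothing in this series drops or defaults the column, and other code in this thread still reads it (`Packages.SubmitterUID` in the aurjson join, `$row["SubmitterUID"]` in the template this same patch deletes). If the column is declared NOT NULL without a default (not visible here), every new package submission now fails at `db_query($q, $dbh)`, whose return value this call does not check; if it is nullable, old rows keep a value and new rows get NULL, which any remaining consumer of `SubmitterUID` has to tolerate. A schema migration removing the column, or at least a commit-message note that one is required, should accompany this hunk. The enclosing `if ($uid):` block starts and ends outside the hunk.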
@@ -40,7 +40,7 @@ function canDeleteCommentArray($comment, $atype="", $uid=0) { # see if this Users.ID can manage the package # -function canManagePackage($uid=0,$AURMUID=0, $MUID=0, $SUID=0, $managed=0) { +function canManagePackage($uid=0,$AURMUID=0, $MUID=0, $managed=0) { if (!$uid) {return 0;} # The uid of the TU/Dev that manages the package @@ -51,10 +51,6 @@ function canManagePackage($uid=0,$AURMUID=0, $MUID=0, $SUID=0, $managed=0) { # if ($uid == $MUID && !$managed) {return 1;} - # If the package isn't maintained by a TU/Dev, is this the user-submitter? - # - if ($uid == $SUID && !$managed) {return 1;} - # otherwise, no right to manage this package # return 0; @@ -438,10 +434,6 @@ function pkg_search_page($SID="") { if (isset($_GET["SeB"]) && $_GET["SeB"] == "m") { $q_where .= "AND Users.Username = '".$_GET['K']."' "; } - # Search by submitter - elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "s") { - $q_where .= "AND SubmitterUID = ".uid_from_username($_GET['K'])." "; - } # Search by name elseif (isset($_GET["SeB"]) && $_GET["SeB"] == "n") { $q_where .= "AND (Name LIKE '%".$_GET['K']."%') "; diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php index 0658063..6fe0ec3 100644 --- a/web/template/pkg_details.php +++ b/web/template/pkg_details.php @@ -26,16 +26,6 @@ else { $edit_cat = "Category: " . $row['Category'] . ""; } -if ($row["SubmitterUID"]) { - $submitter = username_from_id($row["SubmitterUID"]); - if ($SID) { - $submitter = '' . htmlspecialchars($submitter) . ''; - } - -} else { - $submitter = "None"; -} - if ($row["MaintainerUID"]) { $maintainer = username_from_id($row["MaintainerUID"]); if ($SID) { @@ -74,7 +64,6 @@ $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : gmdate("r", intval($row[
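Review bot: Removing the `$SUID` parameter from `canManagePackage()` shifts the position of `$managed`, and this series touches no caller: any existing call that passes five positional arguments now lands the old submitter uid in `$managed`, so `if ($uid == $MUID && !$managed)` is false whenever that uid is non-zero and a legitimate maintainer is denied. Either update every caller in the same commit or keep the parameter as an ignored placeholder until they are migrated. Separately, the surviving context line in the `pkg_search_page` hunk below, `$q_where .= "AND Users.Username = '".$_GET['K']."' ";`, interpolates request input into SQL without `mysql_real_escape_string()`, whereas the submitter branch being deleted at least routed `K` through `uid_from_username()`; unless `K` is sanitized earlier (not visible here) that line should be escaped like the file's other queries. Both enclosing functions extend beyond their hunks.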

-

-- 1.7.2.5 From elij.mx at gmail.com Wed May 11 00:01:28 2011 From: elij.mx at gmail.com (elij) Date: Tue, 10 May 2011 21:01:28 -0700 Subject: [aur-dev] [PATCH 2/4] test return value from db_query before assuming it is valid In-Reply-To: <1305086490-67882-1-git-send-email-elij.mx@gmail.com> References: <1305086490-67882-1-git-send-email-elij.mx@gmail.com> Message-ID: <1305086490-67882-3-git-send-email-elij.mx@gmail.com> make the sql query form consistent in usage by cleaning up instances where db_query's result was not inspected before attempting to fetch row data from the handle --- web/html/addvote.php | 16 +++++- web/html/tu.php | 17 +++++- web/lib/acctfuncs.inc | 59 +++++++++++-------- web/lib/aur.inc | 8 ++- web/lib/pkgfuncs.inc | 116 +++++++++++++++++++++---------------- web/template/actions_form.php | 52 ++++++++++-------- web/template/pkg_search_form.php | 2 +- web/template/tu_list.php | 8 ++- 8 files changed, 172 insertions(+), 106 deletions(-) diff --git a/web/html/addvote.php b/web/html/addvote.php index 5936d56..a459610 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php @@ -21,14 +21,26 @@ if ($atype == "Trusted User" OR $atype == "Developer") { if (!empty($_POST['user'])) { $qcheck = "SELECT * FROM Users WHERE Username = '" . mysql_real_escape_string($_POST['user']) . "'"; - $check = mysql_num_rows(db_query($qcheck, $dbh)); + $result = db_query($qcheck, $dbh); + if ($result) { + $check = mysql_num_rows($result); + } + else { + $check = 0; + } if ($check == 0) { $error.= __("Username does not exist."); } else { $qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . mysql_real_escape_string($_POST['user']) . "'"; $qcheck.= " AND End > UNIX_TIMESTAMP()"; - $check = mysql_num_rows(db_query($qcheck, $dbh)); + $result = db_query($qcheck, $dbh); + if ($result) { + $check = mysql_num_rows($result); + } + else { + $check = 0; + } if ($check != 0) { $error.= __("%s already has proposal running for them.", htmlentities($_POST['user'])); 
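Review bot: The `else { $check = 0; }` fallback after the second `db_query()` in `addvote.php` fails open: when the `TU_VoteInfo` lookup errors, `$check != 0` is false, `$error` stays empty, and the flow continues as if no proposal were running, so the duplicate-proposal guard is bypassed exactly when the database is misbehaving. The first fallback has the mirror problem, reporting "Username does not exist." for what is really a query error. In both places a null result should append a distinct failure message to `$error` rather than pretend the query returned zero rows; the same `$hasvoted = 0` fallback recurs in the `tu.php` hunk that follows. The enclosing `if ($atype == ...)` block starts and ends outside the hunk.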
diff --git a/web/html/tu.php b/web/html/tu.php index c5cc36b..6ab8ae9 100644 --- a/web/html/tu.php +++ b/web/html/tu.php @@ -36,7 +36,13 @@ if ($atype == "Trusted User" OR $atype == "Developer") { $qvoted = "SELECT * FROM TU_Votes WHERE "; $qvoted.= "VoteID = " . $row['ID'] . " AND "; $qvoted.= "UserID = " . uid_from_sid($_COOKIE["AURSID"]); - $hasvoted = mysql_num_rows(db_query($qvoted, $dbh)); + $result = db_query($qvoted, $dbh); + if ($result) { + $hasvoted = mysql_num_rows($result); + } + else { + $hasvoted = 0; + } # List voters of a proposal. $qwhoVoted = "SELECT tv.UserID,U.Username @@ -85,10 +91,15 @@ if ($atype == "Trusted User" OR $atype == "Developer") { $canvote = 0; $errorvote = __("You've already voted for this proposal."); # Update if they voted - $hasvoted = mysql_num_rows(db_query($qvoted, $dbh)); + $result = db_query($qvoted, $dbh); + if ($result) { + $hasvoted = mysql_num_rows($result); + } $results = db_query($q, $dbh); - $row = mysql_fetch_assoc($results); + if ($results) { + $row = mysql_fetch_assoc($results); + } } } include("tu_details.php"); diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc index 8ffa2f7..5bcff8b 100644 --- a/web/lib/acctfuncs.inc +++ b/web/lib/acctfuncs.inc @@ -197,7 +197,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", } if (!$error && !valid_username($U) && !user_is_privileged($editor_user)) - $error = __("The username is invalid.") . "
    \n" + $error = __("The username is invalid.") . "
      \n" ."
    • " . __("It must be between %s and %s characters long", USERNAME_MIN_LEN, USERNAME_MAX_LEN ) . "
    • " @@ -718,11 +718,11 @@ function valid_user( $user ) $q = "SELECT ID FROM Users WHERE Username = '" . mysql_real_escape_string($user). "'"; - $result = mysql_fetch_row(db_query($q, $dbh)); - + $result = db_query($q, $dbh); # Is the username in the database? - if ($result[0]) { - return $result[0]; + if ($result) { + $row = mysql_fetch_row($result); + return $row[0]; } } return; @@ -751,25 +751,30 @@ function valid_passwd( $userID, $passwd ) $passwd_q = "SELECT ID FROM Users" . " WHERE ID = " . $userID . " AND Passwd = '" . salted_hash($passwd, $salt) . "'"; - $passwd_result = mysql_fetch_row(db_query($passwd_q, $dbh)); - if ($passwd_result[0]) { - return true; + $result = db_query($passwd_q, $dbh); + if ($result) { + $passwd_result = mysql_fetch_row($result); + if ($passwd_result[0]) { + return true; + } } } else { # check without salt $nosalt_q = "SELECT ID FROM Users". " WHERE ID = " . $userID . " AND Passwd = '" . md5($passwd) . "'"; - $nosalt_result = mysql_fetch_row(db_query($nosalt_q, $dbh)); - if ($nosalt_result[0]) { - # password correct, but salt it first - if (!save_salt($userID, $passwd)) { - trigger_error("Unable to salt user's password;" . - " ID " . $userID, E_USER_WARNING); - return false; + $result = db_query($nosalt_q, $dbh); + if ($result) { + $nosalt_row = mysql_fetch_row($result); + if ($nosalt_row[0]) { + # password correct, but salt it first + if (!save_salt($userID, $passwd)) { + trigger_error("Unable to salt user's password;" . + " ID " . $userID, E_USER_WARNING); + return false; + } + return true; } - - return true; } } } @@ -783,9 +788,12 @@ function user_suspended( $id ) { $dbh = db_connect(); $q = "SELECT Suspended FROM Users WHERE ID = " . $id; - $result = mysql_fetch_row(db_query($q, $dbh)); - if ($result[0] == 1 ) { - return true; + $result = db_query($q, $dbh); + if ($result) { + $row = mysql_fetch_row($result); + if ($result[0] == 1 ) { + return true; + } } return false; } 
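Review bot: In the `user_suspended()` hunk the new code fetches the row into `$row` but then tests `$result[0]`, which is the query resource rather than the row; indexing a resource yields null, so `$result[0] == 1` is never true and `user_suspended()` now returns false for every account, letting suspended users authenticate. The `user_is_privileged()` hunk at the start of the next line has the identical slip, `if( $result[0] > 1) { return $result[0]; }`, which makes it always return 0 and silently disables the privileged-editor bypass that `process_account_form()` relies on. Both should read the fetched row: `if ($row[0] == 1 ) {` and `if( $row[0] > 1) { return $row[0]; }`. Both hunks begin after their function's signature line.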
@@ -797,7 +805,7 @@ function user_delete( $id ) { $dbh = db_connect(); $q = "DELETE FROM Users WHERE ID = " . $id; - $result = mysql_fetch_row(db_query($q, $dbh)); + db_query($q, $dbh); return; } @@ -809,9 +817,12 @@ function user_is_privileged( $id ) { $dbh = db_connect(); $q = "SELECT AccountTypeID FROM Users WHERE ID = " . $id; - $result = mysql_fetch_row(db_query($q, $dbh)); - if( $result[0] > 1) { - return $result[0]; + $result = db_query($q, $dbh); + if ($result) { + $row = mysql_fetch_row($result); + if( $result[0] > 1) { + return $result[0]; + } } return 0; diff --git a/web/lib/aur.inc b/web/lib/aur.inc index 5eed8e7..fb267af 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc @@ -491,8 +491,12 @@ function get_salt($user_id) { $dbh = db_connect(); $salt_q = "SELECT Salt FROM Users WHERE ID = " . $user_id; - $salt_result = mysql_fetch_row(db_query($salt_q, $dbh)); - return $salt_result[0]; + $result = db_query($salt_q, $dbh); + if ($result) { + $salt_row = mysql_fetch_row($result); + return $salt_row[0]; + } + return; } function save_salt($user_id, $passwd) diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc index c32037e..f04ebff 100644 --- a/web/lib/pkgfuncs.inc +++ b/web/lib/pkgfuncs.inc 
@@ -316,45 +316,44 @@ function package_details($id=0, $SID="") { * outputs the body of search/search results page * * parameters: - * SID - current Session ID + * SID - current Session ID * preconditions: - * package search page has been accessed - * request variables have not been sanitized + * package search page has been accessed + * request variables have not been sanitized * - * request vars: - * O - starting result number - * PP - number of search hits per page - * C - package category ID number - * K - package search string - * SO - search hit sort order: - * values: a - ascending - * d - descending - * SB - sort search hits by: - * values: c - package category - * n - package name - * v - number of votes - * m - maintainer username - * SeB- property that search string (K) represents - * values: n - package name - * nd - package name & description - * x - package name (exact match) - * m - package maintainer's username - * s - package submitter's username - * do_Orphans - boolean. whether to search packages - * without a maintainer + * request vars: + * O - starting result number + * PP - number of search hits per page + * C - package category ID number + * K - package search string + * SO - search hit sort order: + * values: a - ascending + * d - descending + * SB - sort search hits by: + * values: c - package category + * n - package name + * v - number of votes + * m - maintainer username + * SeB- property that search string (K) represents + * values: n - package name + * nd - package name & description + * x - package name (exact match) + * m - package maintainer's username + * do_Orphans - boolean. whether to search packages + * without a maintainer * * - * These two are actually handled in packages.php. + * These two are actually handled in packages.php. 
* - * IDs- integer array of ticked packages' IDs - * action - action to be taken on ticked packages - * values: do_Flag - Flag out-of-date - * do_UnFlag - Remove out-of-date flag - * do_Adopt - Adopt - * do_Disown - Disown - * do_Delete - Delete (requires confirm_Delete to be set) - * do_Notify - Enable notification - * do_UnNotify - Disable notification + * IDs- integer array of ticked packages' IDs + * action - action to be taken on ticked packages + * values: do_Flag - Flag out-of-date + * do_UnFlag - Remove out-of-date flag + * do_Adopt - Adopt + * do_Disown - Disown + * do_Delete - Delete (requires confirm_Delete to be set) + * do_Notify - Enable notification + * do_UnNotify - Disable notification */ function pkg_search_page($SID="") { // establish a db connection @@ -391,15 +390,15 @@ function pkg_search_page($SID="") { } // FIXME: pull out DB-related code. all of it. - // this one's worth a choco-chip cookie, - // one of those nice big soft ones + // this one's worth a choco-chip cookie, + // one of those nice big soft ones // build the package search query // $q_select = "SELECT "; if ($SID) { $q_select .= "CommentNotify.UserID AS Notify, - PackageVotes.UsersID AS Voted, "; + PackageVotes.UsersID AS Voted, "; } $q_select .= "Users.Username AS Maintainer, PackageCategories.Category, @@ -422,7 +421,7 @@ function pkg_search_page($SID="") { $q_where = "WHERE 1 = 1 "; // TODO: possibly do string matching on category - // to make request variable values more sensible + // to make request variable values more sensible if (isset($_GET["C"]) && intval($_GET["C"])) { $q_where .= "AND Packages.CategoryID = ".intval($_GET["C"])." "; } 
@@ -499,7 +498,13 @@ function pkg_search_page($SID="") { $q_total = "SELECT COUNT(*) " . $q_from . $q_where; $result = db_query($q, $dbh); - $total = mysql_result(db_query($q_total, $dbh), 0); + $result_t = db_query($q_total, $dbh); + if ($result_t) { + $total = mysql_result($result_t, 0); + } + else { + $total = 0; + } if ($result && $total > 0) { if (isset($_GET["SO"]) && $_GET["SO"] == "d"){ @@ -851,7 +856,13 @@ function pkg_notify ($atype, $ids, $action = True) { # format in which it's sent requires this. foreach ($ids as $pid) { $q = "SELECT Name FROM Packages WHERE ID = $pid"; - $pkgname = mysql_result(db_query($q, $dbh), 0); + $result = db_query($q, $dbh); + if ($result) { + $pkgname = mysql_result($result , 0); + } + else { + $pkgname = ''; + } if ($first) $first = False; @@ -864,7 +875,8 @@ function pkg_notify ($atype, $ids, $action = True) { $q .= " AND PkgID = $pid"; # Notification already added. Don't add again. - if (!mysql_num_rows(db_query($q, $dbh))) { + $result = db_query($q, $dbh); + if (!mysql_num_rows($result)) { $q = "INSERT INTO CommentNotify (PkgID, UserID) VALUES ($pid, $uid)"; db_query($q, $dbh); } @@ -913,14 +925,14 @@ function pkg_delete_comment($atype) { $uid = uid_from_sid($_COOKIE["AURSID"]); if (canDeleteComment($comment_id, $atype, $uid)) { - $dbh = db_connect(); - $q = "UPDATE PackageComments "; - $q.= "SET DelUsersID = ".$uid." "; - $q.= "WHERE ID = ".intval($comment_id); - db_query($q, $dbh); - return __("Comment has been deleted."); + $dbh = db_connect(); + $q = "UPDATE PackageComments "; + $q.= "SET DelUsersID = ".$uid." "; + $q.= "WHERE ID = ".intval($comment_id); + db_query($q, $dbh); + return __("Comment has been deleted."); } else { - return __("You are not allowed to delete this comment."); + return __("You are not allowed to delete this comment."); } } 
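Review bot: The pkg_notify hunk at `@@ -864,7 +875,8 @@` assigns `$result = db_query($q, $dbh);` and then calls `mysql_num_rows($result)` without testing it, which is the same unchecked-handle pattern this patch removes in the two hunks above it; `if ($result && !mysql_num_rows($result)) {` would avoid the warning and keep the INSERT from running after a failed lookup. The context lines in both pkg_notify hunks also splice `$pid` straight into SQL (`WHERE ID = $pid`, `VALUES ($pid, $uid)`); whether the caller has already validated the `$ids` array is not visible here, so casting at the point of use, `"WHERE ID = " . intval($pid)`, would match the `intval()` guard the pkg_delete_comment hunk applies to `$comment_id`. pkg_notify's body begins before and continues after these hunks.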
@@ -959,8 +971,12 @@ function pkg_change_category($atype) { $q.= "FROM Packages "; $q.= "WHERE Packages.ID = ".$pid; $result = db_query($q, $dbh); - echo mysql_error(); - $pkg = mysql_fetch_assoc($result); + if ($result) { + $pkg = mysql_fetch_assoc($result); + } + else { + return __("You are not allowed to change this package category."); + } $uid = uid_from_sid($_COOKIE["AURSID"]); if ($uid == $pkg["MaintainerUID"] or diff --git a/web/template/actions_form.php b/web/template/actions_form.php index 45bc09b..058002f 100644 --- a/web/template/actions_form.php +++ b/web/template/actions_form.php @@ -8,39 +8,45 @@ # $q = "SELECT * FROM PackageVotes WHERE UsersID = ". $uid; $q.= " AND PackageID = ".$row["ID"]; - if (!mysql_num_rows(db_query($q, $dbh))) { - echo " "; - } else { - echo " "; + $result = db_query($q, $dbh); + if ($result) { + if (!mysql_num_rows($result)) { + echo " "; + } else { + echo " "; + } } # Comment Notify Button # $q = "SELECT * FROM CommentNotify WHERE UserID = ". $uid; $q.= " AND PkgID = ".$row["ID"]; - if (!mysql_num_rows(db_query($q, $dbh))) { - echo " "; - } else { - echo " "; + $result = db_query($q, $dbh); + if ($result) { + if (!mysql_num_rows($result)) { + echo " "; + } else { + echo " "; + } } -if ($row["OutOfDateTS"] === NULL) { - echo "\n"; -} else { - echo "\n"; + if ($row["OutOfDateTS"] === NULL) { + echo "\n"; + } else { + echo "\n"; } -if ($row["MaintainerUID"] === NULL) { - echo "\n"; -} else if ($uid == $row["MaintainerUID"] || - $atype == "Trusted User" || $atype == "Developer") { + if ($row["MaintainerUID"] === NULL) { + echo "\n"; + } else if ($uid == $row["MaintainerUID"] || + $atype == "Trusted User" || $atype == "Developer") { echo "\n"; } diff --git a/web/template/pkg_search_form.php b/web/template/pkg_search_form.php index 281cdc3..e25bdfd 100644 --- a/web/template/pkg_search_form.php +++ b/web/template/pkg_search_form.php 
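Review bot: In pkg_change_category the new `else` branch returns `__("You are not allowed to change this package category.")` when `db_query()` fails, which reports a permission problem for what is actually a database error and points the user at the wrong cause; a distinct message (constructed example: `return __("Could not retrieve package data.");`) keeps the two outcomes distinguishable in logs and bug reports. The context line `$q.= "WHERE Packages.ID = ".$pid;` concatenates `$pid` unguarded; where `$pid` is assigned is outside the hunk, so if it is not already an integer an `intval($pid)` at this line would be cheap insurance. pkg_change_category starts before and continues after this hunk, and the actions_form.php section that follows has its echoed HTML stripped from this view, so only its control flow could be checked.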
@@ -38,7 +38,7 @@ "; - } else { - echo " "; + $result = db_query($q, $dbh); + if ($result) { + if (!mysql_num_rows($result)) { + echo " "; + } else { + echo " "; + } } # Comment Notify Button # $q = "SELECT * FROM CommentNotify WHERE UserID = ". $uid; $q.= " AND PkgID = ".$row["ID"]; - if (!mysql_num_rows(db_query($q, $dbh))) { - echo " "; - } else { - echo " "; + $result = db_query($q, $dbh); + if ($result) { + if (!mysql_num_rows($result)) { + echo " "; + } else { + echo " "; + } } -if ($row["OutOfDateTS"] === NULL) { - echo "\n"; -} else { - echo "\n"; + if ($row["OutOfDateTS"] === NULL) { + echo "\n"; + } else { + echo "\n"; } -if ($row["MaintainerUID"] === NULL) { - echo "\n"; -} else if ($uid == $row["MaintainerUID"] || - $atype == "Trusted User" || $atype == "Developer") { + if ($row["MaintainerUID"] === NULL) { + echo "\n"; + } else if ($uid == $row["MaintainerUID"] || + $atype == "Trusted User" || $atype == "Developer") { echo "\n"; } diff --git a/web/template/tu_list.php b/web/template/tu_list.php index 3a927d9..75d9414 100644 --- a/web/template/tu_list.php +++ b/web/template/tu_list.php @@ -40,7 +40,13 @@ -- 1.7.2.5 From elij.mx at gmail.com Wed May 11 19:25:36 2011 From: elij.mx at gmail.com (elij) Date: Wed, 11 May 2011 16:25:36 -0700 Subject: [aur-dev] [PATCH 2/4] test return value from db_query before assuming it is valid In-Reply-To: <1305155832-71983-1-git-send-email-elij.mx@gmail.com> References: <20110511141958.GC12088@blizzard> <1305155832-71983-1-git-send-email-elij.mx@gmail.com> Message-ID: hmm. looks like there were still a couple lines of formatting junk in this patch.. hilariously the ones I missed are converting spaces to tabs to be more consistent. &_& the count is low though. Skimming the patch file it looks like only 3 or 4 lines. I got the big ones pruned out of the patch though. From archlinux at cryptocrack.de Wed May 11 20:09:58 2011 
From: archlinux at cryptocrack.de (Lukas Fleischer) Date: Thu, 12 May 2011 02:09:58 +0200 Subject: [aur-dev] [PATCH 2/4] test return value from db_query before assuming it is valid In-Reply-To: <1305155832-71983-1-git-send-email-elij.mx@gmail.com> References: <20110511141958.GC12088@blizzard> <1305155832-71983-1-git-send-email-elij.mx@gmail.com> Message-ID: <20110512000958.GA26000@blizzard> On Wed, May 11, 2011 at 04:17:12PM -0700, elij wrote: > make the sql query form consistent in usage by cleaning up > instances where db_query's result was not inspected before > attempting to fetch row data from the handle > --- > web/html/addvote.php | 16 +++++++++- > web/html/tu.php | 17 +++++++++-- > web/lib/acctfuncs.inc | 59 ++++++++++++++++++++++++---------------- > web/lib/aur.inc | 8 ++++- > web/lib/pkgfuncs.inc | 43 +++++++++++++++++++++--------- > web/template/actions_form.php | 52 ++++++++++++++++++++---------------- > web/template/tu_list.php | 8 +++++- > 7 files changed, 135 insertions(+), 68 deletions(-) > Looks quite ok now. Which method did you use to spot these inconsistencies? Skimming through the source code it seems that there are some more query results that should be validated, like the "SELECT" one in "web/html/pkgsubmit.php". From archlinux at cryptocrack.de Wed May 11 20:11:11 2011 
From: archlinux at cryptocrack.de (Lukas Fleischer) Date: Thu, 12 May 2011 02:11:11 +0200 Subject: [aur-dev] [PATCH 3/4] fix case where user does not exist In-Reply-To: References: <1305086490-67882-1-git-send-email-elij.mx@gmail.com> <1305086490-67882-4-git-send-email-elij.mx@gmail.com> <20110511142219.GD12088@blizzard> Message-ID: <20110512001110.GB26000@blizzard> On Wed, May 11, 2011 at 11:54:34AM -0700, elij wrote: > On Wed, May 11, 2011 at 7:22 AM, Lukas Fleischer > wrote: > > On Tue, May 10, 2011 at 09:01:29PM -0700, elij wrote: > >> the query was being performed when $id was not set, resulting in an > >> invalid sql query being performed. > >> --- > >> ?web/lib/acctfuncs.inc | ? ?3 +++ > >> ?1 files changed, 3 insertions(+), 0 deletions(-) > >> > >> diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc > >> index 5bcff8b..b2f0548 100644 > >> --- a/web/lib/acctfuncs.inc > >> +++ b/web/lib/acctfuncs.inc 
> >> @@ -786,6 +786,9 @@ function valid_passwd( $userID, $passwd ) > >> ? */ > >> ?function user_suspended( $id ) > >> ?{ > >> + ? ? if (!$id) { > >> + ? ? ? ? ? ? return false; > >> + ? ? } > >> ? ? ? $dbh = db_connect(); > >> ? ? ? $q = "SELECT Suspended FROM Users WHERE ID = " . $id; > >> ? ? ? $result = db_query($q, $dbh); > > > > Looks ok, but I'd rather say we should locate the code path that led to > > the unset parameter and add some additional validation there to avoid > > further unexpected behaviour. > > The source is in try_login (also in lib/acctfuncs.inc): > > if ( isset($_REQUEST['user']) || isset($_REQUEST['passwd']) ) { > $userID = valid_user($_REQUEST['user']); > if ( user_suspended( $userID ) ) { > $login_error = "Account Suspended."; > } Thanks. I will look into that. > valid_user (also in the same file) can return (no value) in some cases. > that large if/elseif block in try_login could probably have some more > conditions added to test for existence of $userID before calling > user_suspended on it. Still.. it might make sense to have a guard (the > test added with this patch) in the function itself in case usage of it > down the road changes (another code path or something). Yeah, will be pushed. From archlinux at cryptocrack.de Wed May 11 20:20:33 2011 
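Review bot: The quoted user_suspended hunk still builds `"SELECT Suspended FROM Users WHERE ID = " . $id` by concatenation after the new guard, and the guard only rejects an empty value, not a non-numeric one. The thread shows `$id` arriving from `valid_user($_REQUEST['user'])` via try_login, so casting at the point of use, `"SELECT Suspended FROM Users WHERE ID = " . intval($id)`, would make the function safe regardless of what a future caller passes, which is the same reasoning given for adding the guard inside the function in the first place. The function continues past the quoted lines.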
From: archlinux at cryptocrack.de (Lukas Fleischer) Date: Thu, 12 May 2011 02:20:33 +0200 Subject: [aur-dev] [PATCH 1/4] remove submitter from package data In-Reply-To: References: <1305086490-67882-1-git-send-email-elij.mx@gmail.com> <1305086490-67882-2-git-send-email-elij.mx@gmail.com> <20110511141126.GB12088@blizzard> Message-ID: <20110512002033.GC26000@blizzard> On Wed, May 11, 2011 at 12:00:50PM -0700, elij wrote: > On Wed, May 11, 2011 at 11:51 AM, Dan McGee wrote: > > On Wed, May 11, 2011 at 1:48 PM, elij wrote: > >> On Wed, May 11, 2011 at 7:11 AM, Lukas Fleischer > >> wrote: > >>> On Tue, May 10, 2011 at 09:01:27PM -0700, elij wrote: > >>>> --- > >>>> ?web/html/pkgsubmit.php ? ? ? | ? ?3 +-- > >>>> ?web/lib/pkgfuncs.inc ? ? ? ? | ? 10 +--------- > >>>> ?web/template/pkg_details.php | ? 11 ----------- > >>>> ?3 files changed, 2 insertions(+), 22 deletions(-) > >>>> > >>> > >>> The submitter field proved to be useful in some cases where a package > >>> was moved from the official repos to the AUR and either turned out to be > >>> incomplete or wasn't properly removed from the official repos. > >> > >> I guess I don't see what benefit the submitter field would have in > >> such an instance. > >> If someone moved it from the official repos to the aur, would they not > >> be the submitter and also the maintainer? > > Initially, yes. And then we all usually orphan the junk because we > > don't want it, we just put it there for postarity, so you've > > immediately lost information. > > > > I think it has a lot less usefulness on the web page itself (at least > > for the general public), so I wouldn't be against culling it there, > > but as far as a point of reference when trying to look at the > > packages, it makes since to keep around. It can be far different than > > what the maintainer field tells you. > > Hmm. So keeping it but maybe only showing it to TU or Developer class > users may be more appropriate. Agreed. 
> Alternatively, it almost sounds like maintainer and submitter could be > merged into an 'owner' value, and track owner history somehow (record > each change of ownership in a join table). That might add the ability > to track users that upload lots of packages, then disown them too. And > track packages with high owner turnover (may tell whether a package is > painful or burdensome to maintain). Hm, sounds cool, but I'm not sure if it's worth implementing. I don't see any real benefit from the feature itself or from the statistics that could be created using this yet. > > If such a thing were implemented though, I think it should be > displayed only to TU or Developer class users. I can't see general > users finding much use for it, but I could be wrong. From elij.mx at gmail.com Wed May 11 23:05:40 2011 
From: elij.mx at gmail.com (elij) Date: Wed, 11 May 2011 20:05:40 -0700 Subject: [aur-dev] [PATCH 2/4] test return value from db_query before assuming it is valid In-Reply-To: <20110512000958.GA26000@blizzard> References: <20110511141958.GC12088@blizzard> <1305155832-71983-1-git-send-email-elij.mx@gmail.com> <20110512000958.GA26000@blizzard> Message-ID: On Wed, May 11, 2011 at 5:09 PM, Lukas Fleischer wrote: > On Wed, May 11, 2011 at 04:17:12PM -0700, elij wrote: >> make the sql query form consistent in usage by cleaning up >> instances where db_query's result was not inspected before >> attempting to fetch row data from the handle >> --- >> ?web/html/addvote.php ? ? ? ? ?| ? 16 +++++++++- >> ?web/html/tu.php ? ? ? ? ? ? ? | ? 17 +++++++++-- >> ?web/lib/acctfuncs.inc ? ? ? ? | ? 59 ++++++++++++++++++++++++---------------- >> ?web/lib/aur.inc ? ? ? ? ? ? ? | ? ?8 ++++- >> ?web/lib/pkgfuncs.inc ? ? ? ? ?| ? 43 +++++++++++++++++++++--------- >> ?web/template/actions_form.php | ? 52 ++++++++++++++++++++---------------- >> ?web/template/tu_list.php ? ? ?| ? ?8 +++++- >> ?7 files changed, 135 insertions(+), 68 deletions(-) >> > > Looks quite ok now. Which method did you use to spot these > inconsistencies? After I found and noticed one (was working on some code that triggered a php warning due to the issue, I did the following grep to find more instances. I was primarily looking for instances where db_query was being _directly_ passed to mysql_fetch_* functions. grep -R db_query /path/to/web/ | grep mysql > Skimming through the source code it seems that there > are some more query results that should be validated, like the "SELECT" > one in "web/html/pkgsubmit.php". Yeah, I didn't originally look for these, but I found some more with this.. grep -R -n -A1 db_query * | grep -B1 mysql That find instances where db_query is directly followed (next line) by a mysql_ function. Looking at these a few are cases of 'not testing return value of db_query before eval'. 
output of above command: # looks like it needs to be fixed html/pkgsubmit.php:303: $result = db_query($q, $dbh); html/pkgsubmit.php-304- $pdata = mysql_fetch_assoc($result); # this one look relatively ok. just an insert. html/pkgsubmit.php:352: db_query($q, $dbh); html/pkgsubmit.php-353- $packageID = mysql_insert_id($dbh); # looks like it needs to be fixed html/account.php:51: $result = db_query($q, $dbh); html/account.php-52- if (!mysql_num_rows($result)) { # looks like it needs to be fixed html/account.php:78: $result = db_query($q, $dbh); html/account.php-79- if (!mysql_num_rows($result)) { # looks like it needs to be fixed html/account.php:115: $result = db_query($q, $dbh); html/account.php-116- if (!mysql_num_rows($result)) { # looks like it needs to be fixed html/tu.php:28: $results = db_query($q, $dbh); html/tu.php-29- $row = mysql_fetch_assoc($results); # looks like it needs to be fixed html/tu.php:53: $result = db_query($qwhoVoted,$dbh); html/tu.php-54- if (mysql_num_rows($result) > 0) { # this one is probably ok. 
it uses the handle to get a 'changed row count' html/passreset.php:45: $result = db_query($q, $dbh); html/passreset.php-46- if (!mysql_affected_rows($dbh)) { # looks like it needs to be fixed lib/pkgfuncs.inc:254: $result = db_query($q, $dbh); lib/pkgfuncs.inc-255- if (mysql_num_rows($result) > 0) { # looks like it needs to be fixed lib/pkgfuncs.inc:637: $result = db_query($q, $dbh); lib/pkgfuncs.inc-638- if (mysql_num_rows($result)) { # looks like it needs to be fixed lib/pkgfuncs.inc:879: $result = db_query($q, $dbh); lib/pkgfuncs.inc-880- if (!mysql_num_rows($result)) { # looks like it needs to be fixed lib/stats.inc:24: $result = db_query($dbq, $dbh); lib/stats.inc-25- $row = mysql_fetch_row($result); # looks like it needs to be fixed lib/aur.inc:30: $result = db_query($q, $dbh); lib/aur.inc-31- if (mysql_num_rows($result) == 0) { # looks like it needs to be fixed lib/aur.inc:348: $result = db_query($q, $dbh); lib/aur.inc-349- if (mysql_num_rows($result) == 0) {return 1;} # looks like it needs to be fixed template/pkg_comment_form.php:31: $result = db_query($q, $dbh); template/pkg_comment_form.php-32- $row = mysql_fetch_assoc($result); Some of this could probably be cleaned up through judicious use of a few wrapper functions, with the added benefit of abstracting the sql away like we had previously talked about... Still, you eat an elephant with small bites, so I think fixing these directly for now would probably be the quickest path to resolution. This would also ease abstraction later, because it would add sensible checks at the same location where abstraction would need to test for query results anyway. From kachelaqa at gmail.com Thu May 12 07:42:36 2011 
From: kachelaqa at gmail.com (kachelaqa) Date: Thu, 12 May 2011 12:42:36 +0100 Subject: [aur-dev] [PATCH] add first submitted and last modified to rpc output Message-ID: <4DCBC7AC.20707@gmail.com> after reading the discussion about the submitter field, i looked again at my previous patch and realized that it was not very good at all. hopefully this simplified version will be more acceptable. the justification for this patch is that many third-party tools will want to know how new a package is, or when it last changed. adding the submitted and modified timestamps will allow users to get all the relevant package data in a single query. --- web/lib/aurjson.class.php | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 50cf6d0..cad722e 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -20,7 +20,8 @@ class AurJSON { private static $fields = array( 'Packages.ID', 'Name', 'Version', 'CategoryID', 'Description', 'URL', 'License', - 'NumVotes', '(OutOfDateTS IS NOT NULL) AS OutOfDate' + 'NumVotes', '(OutOfDateTS IS NOT NULL) AS OutOfDate', + 'SubmittedTS AS FirstSubmitted', 'ModifiedTS AS LastModified' ); /** -- 1.7.5.1 From elij.mx at gmail.com Thu May 12 17:34:06 2011 
From: elij.mx at gmail.com (elij) Date: Thu, 12 May 2011 14:34:06 -0700 Subject: [aur-dev] [PATCH] add first submitted and last modified to rpc output In-Reply-To: <4DCBC7AC.20707@gmail.com> References: <4DCBC7AC.20707@gmail.com> Message-ID: On Thu, May 12, 2011 at 4:42 AM, kachelaqa wrote: > after reading the discussion about the submitter field, i looked again at my > previous patch and realized that it was not very good at all. > > hopefully this simplified version will be more acceptable. I like this patch now, if that counts for anything. :P > the justification for this patch is that many third-party tools will want to > know how new a package is, or when it last changed. adding the submitted and > modified timestamps will allow users to get all the relevant package data in > a single query. > > --- > ?web/lib/aurjson.class.php | ? ?3 ++- > ?1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php > index 50cf6d0..cad722e 100644 > --- a/web/lib/aurjson.class.php > +++ b/web/lib/aurjson.class.php > @@ -20,7 +20,8 @@ class AurJSON { > ? ? private static $fields = array( > ? ? ? ? 'Packages.ID', 'Name', 'Version', 'CategoryID', > ? ? ? ? 'Description', 'URL', 'License', > - ? ? ? ?'NumVotes', '(OutOfDateTS IS NOT NULL) AS OutOfDate' > + ? ? ? ?'NumVotes', '(OutOfDateTS IS NOT NULL) AS OutOfDate', > + ? ? ? ?'SubmittedTS AS FirstSubmitted', 'ModifiedTS AS LastModified' > ? ? ); > > ? ? /** > -- > 1.7.5.1 > > From elij.mx at gmail.com Fri May 13 15:55:40 2011 
From: elij.mx at gmail.com (elij) Date: Fri, 13 May 2011 12:55:40 -0700 Subject: [aur-dev] [PATCH 1/1] add support for etag and conditional get (if-none-match) Message-ID: <1305316540-84632-1-git-send-email-elij.mx@gmail.com> Add etag and if-none-match conditional get support. This will allow 'smart client' to save network bandwidth, as they can save the etag hash value for queries and test it later. Still an http request because this patch specifically sets a cache lifetime of zero, and must-revalidate. The benefit here is bandwidth savings. Caching based on expires headers would likely be counter productive, as the api data can change rather quickly...but etag is a nice compromise, and could be quite beneficial for bandwidth recution in some scenarios. --- web/lib/aurjson.class.php | 30 +++++++++++++++++++++++++++++- 1 files changed, 29 insertions(+), 1 deletions(-)
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 50cf6d0..a96cc4b 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -29,6 +29,17 @@ class AurJSON {
 * @return string The JSON formatted response data.
 **/
 public function handle($http_data) {
+ // unset global aur headers from aur.inc
+ // leave expires header to enforce validation
+ // header_remove('Expires');
+ // unset global aur.inc pragma header. We want to allow caching of data
+ // in proxies, but require validation of data (if-none-match) if
+ // possible
+ header_remove('Pragma');
+ // overwrite cache-control header set in aur.inc to allow caching, but
+ // require validation
+ header('Cache-Control: public, must-revalidate, max-age=0');
+
 // handle error states
 if ( !isset($http_data['type']) || !isset($http_data['arg']) ) {
 return $this->json_error('No request type/data specified.');
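Review bot: The added line `// header_remove('Expires');` is commented-out code; the comment above it already states the intent, so drop the line or replace it with prose such as `// Expires is deliberately left in place so clients must revalidate`. `header_remove()` exists only from PHP 5.3 onward, so the deployment's PHP version should be confirmed before this is merged. handle() continues beyond this hunk; the If-None-Match handling lands in the following one.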
@@ -43,6 +54,24 @@ class AurJSON {
 $json = call_user_func(array(&$this, $http_data['type']),
 $http_data['arg']);
 
+ // calculate etag as an md5 based on the json result
+ // this could be optimized by calculating the etag on the
+ // query result object before converting to json (step into
+ // the above function call) and adding the 'type' to the response,
+ // but having all this code here is cleaner and 'good enough'
+ $etag = md5($json);
+ header("Etag: \"$etag\"");
+ // make sure to strip a few things off the if-none-match
+ // header. stripping whitespace may not be required, but
+ // removing the quote on the incoming header is required
+ // to make the equality test
+ $if_none_match = isset($_SERVER['HTTP_IF_NONE_MATCH']) ?
+ trim($_SERVER['HTTP_IF_NONE_MATCH'], "\t\n\r\" ") : false;
+ if ($if_none_match && $if_none_match == $etag) {
+ header('HTTP/1.1 304 Not Modified');
+ return;
+ }
+
 // allow rpc callback for XDomainAjax
 if ( isset($http_data['callback']) ) {
 // it is more correct to send text/javascript
@@ -179,7 +208,6 @@ class AurJSON {
 $where_condition = sprintf("Name=\"%s\"", mysql_real_escape_string($pqdata, $this->dbh));
 }
-
 return $this->process_query('info', $where_condition);
 }
-- 1.7.2.5 From archlinux at cryptocrack.de Sun May 15 14:48:37 2011 
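Review bot: `if ($if_none_match && $if_none_match == $etag)` compares two strings with `==`, and PHP compares numeric-looking strings numerically, so two distinct md5 hex digests that both parse as numbers (for example the `0e` followed by digits form) would be treated as equal and a stale 304 returned; use `$if_none_match === $etag`. The `trim()` normalises only a single strong validator: a `W/"..."` weak tag or a comma-separated list from a client will never match, which fails safe but deserves a comment such as `// only a single strong ETag is recognised; weak or list forms get a full response`. The digest is taken over `$json` before the callback wrapper further down is applied, so a JSONP body and the plain JSON body for the same query carry the same validator; hashing the final body would tie the ETag to the representation actually sent. handle() continues beyond this hunk.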
From: archlinux at cryptocrack.de (Lukas Fleischer) Date: Sun, 15 May 2011 20:48:37 +0200 Subject: [aur-dev] [PATCH] add first submitted and last modified to rpc output In-Reply-To: <4DCBC7AC.20707@gmail.com> References: <4DCBC7AC.20707@gmail.com> Message-ID: <20110515184837.GA25606@blizzard> On Thu, May 12, 2011 at 12:42:36PM +0100, kachelaqa wrote: > after reading the discussion about the submitter field, i looked > again at my previous patch and realized that it was not very good at > all. > > hopefully this simplified version will be more acceptable. > > the justification for this patch is that many third-party tools will > want to know how new a package is, or when it last changed. adding > the submitted and modified timestamps will allow users to get all > the relevant package data in a single query. > > --- > web/lib/aurjson.class.php | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > Yeah, agreed :) From archlinux at cryptocrack.de Sun May 15 15:19:04 2011 
From: archlinux at cryptocrack.de (Lukas Fleischer) Date: Sun, 15 May 2011 21:19:04 +0200 Subject: [aur-dev] [PATCH 1/1] add support for etag and conditional get (if-none-match) In-Reply-To: <1305316540-84632-1-git-send-email-elij.mx@gmail.com> References: <1305316540-84632-1-git-send-email-elij.mx@gmail.com> Message-ID: <20110515191904.GB25606@blizzard> On Fri, May 13, 2011 at 12:55:40PM -0700, elij wrote: > Add etag and if-none-match conditional get support. This will allow > 'smart client' to save network bandwidth, as they can save the etag > hash value for queries and test it later. Still an http request because > this patch specifically sets a cache lifetime of zero, and must-revalidate. > The benefit here is bandwidth savings. Caching based on expires headers would > likely be counter productive, as the api data can change rather quickly...but > etag is a nice compromise, and could be quite beneficial for bandwidth recution > in some scenarios. > --- > web/lib/aurjson.class.php | 30 +++++++++++++++++++++++++++++- > 1 files changed, 29 insertions(+), 1 deletions(-) > I kinda like that one although I'm not really sure if this kind of caching is convenient enough here... Having a bit more detailed look at the single query methods: * search, msearch: Probably won't be repeated on a single client very often ("repeated" meaning doing the same search query more than once). * info: Gain will probably be low as the query results are very small. * multiinfo: Query results will change quite often, while the actual diffs will be small in most cases. Some delta based stuff may be more effective here but that will probably be overkill. ETags seem to be a good compromise, yeah :) From elij.mx at gmail.com Sun May 15 15:46:29 2011 
From: elij.mx at gmail.com (elij) Date: Sun, 15 May 2011 12:46:29 -0700 Subject: [aur-dev] [PATCH 1/1] add support for etag and conditional get (if-none-match) In-Reply-To: <20110515191904.GB25606@blizzard> References: <1305316540-84632-1-git-send-email-elij.mx@gmail.com> <20110515191904.GB25606@blizzard> Message-ID: On Sun, May 15, 2011 at 12:19 PM, Lukas Fleischer wrote: > On Fri, May 13, 2011 at 12:55:40PM -0700, elij wrote: >> Add etag and if-none-match conditional get support. This will allow >> 'smart client' to save network bandwidth, as they can save the etag >> hash value for queries and test it later. Still an http request because >> this patch specifically sets a cache lifetime of zero, and must-revalidate. >> The benefit here is bandwidth savings. Caching based on expires headers would >> likely be counter productive, as the api data can change rather quickly...but >> etag is a nice compromise, and could be quite beneficial for bandwidth recution >> in some scenarios. >> --- >> ?web/lib/aurjson.class.php | ? 30 +++++++++++++++++++++++++++++- >> ?1 files changed, 29 insertions(+), 1 deletions(-) >> > > I kinda like that one although I'm not really sure if this kind of > caching is convenient enough here... Having a bit more detailed look at > the single query methods: > > * search, msearch: Probably won't be repeated on a single client very > ?often ("repeated" meaning doing the same search query more than once). > > * info: Gain will probably be low as the query results are very small. > > * multiinfo: Query results will change quite often, while the actual > ?diffs will be small in most cases. > > Some delta based stuff may be more effective here but that will probably > be overkill. ETags seem to be a good compromise, yeah :) Yeah. I see a couple of instances that would benefit from it. 1) Direct browser viewing of api urls. Developers or end users entering query strings manually. 
2) My live-search implementation (and similar type apps) _should_ work better, as back and forward button (or identical search terms) should be cached client side by the browser. 3) A cli client could be modified to cache data, but I imagine the benefits here would be small, as I don't believe end users would repeat many queries in a short enough timeframe (before some data changes) to get much benefit from caching. Who knows though. heh 4) Could be a benefit for large groups of clients behind a cache proxy. 5) Could be a benefit if the arch server admins ever decided to throw varnish in front of the aur (or just the api). From elij.mx at gmail.com Mon May 16 19:09:54 2011 From: elij.mx at gmail.com (elij) Date: Mon, 16 May 2011 16:09:54 -0700 Subject: [aur-dev] [PATCH 1/1] wrap mysql_real_escape_string in a function Message-ID: <1305587394-28017-1-git-send-email-elij.mx@gmail.com> wrap mysql_real_escape_string in a wrapper function db_escape_string to ease porting to other databases, and as another step to pulling more of the database code into a central location. --- web/html/account.php | 2 +- web/html/addvote.php | 10 +++++----- web/html/logout.php | 2 +- web/html/passreset.php | 4 ++-- web/html/pkgsubmit.php | 36 ++++++++++++++++++------------------ web/html/voters.php | 2 +- web/lib/acctfuncs.inc | 26 +++++++++++++------------- web/lib/aur.inc | 7 +++++++ web/lib/aurjson.class.php | 8 ++++---- web/lib/pkgfuncs.inc | 12 ++++++------ web/lib/stats.inc | 2 +- web/template/pkg_comment_form.php | 2 +- 12 files changed, 60 insertions(+), 53 deletions(-) diff --git a/web/html/account.php b/web/html/account.php index afb0d7c..b66d453 100644 --- a/web/html/account.php +++ b/web/html/account.php 
@@ -111,7 +111,7 @@ if (isset($_COOKIE["AURSID"])) { $q.= "WHERE AccountTypes.ID = Users.AccountTypeID "; $q.= "AND Users.ID = Sessions.UsersID "; $q.= "AND Sessions.SessionID = '"; - $q.= mysql_real_escape_string($_COOKIE["AURSID"])."'"; + $q.= db_escape_string($_COOKIE["AURSID"])."'"; $result = db_query($q, $dbh); if (!mysql_num_rows($result)) { print __("Could not retrieve information for the specified user."); diff --git a/web/html/addvote.php b/web/html/addvote.php index 5936d56..e0d8b55 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php @@ -20,13 +20,13 @@ if ($atype == "Trusted User" OR $atype == "Developer") { $error = ""; if (!empty($_POST['user'])) { - $qcheck = "SELECT * FROM Users WHERE Username = '" . mysql_real_escape_string($_POST['user']) . "'"; + $qcheck = "SELECT * FROM Users WHERE Username = '" . db_escape_string($_POST['user']) . "'"; $check = mysql_num_rows(db_query($qcheck, $dbh)); if ($check == 0) { $error.= __("Username does not exist."); } else { - $qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . mysql_real_escape_string($_POST['user']) . "'"; + $qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . db_escape_string($_POST['user']) . "'"; $qcheck.= " AND End > UNIX_TIMESTAMP()"; $check = mysql_num_rows(db_query($qcheck, $dbh)); @@ -55,9 +55,9 @@ if ($atype == "Trusted User" OR $atype == "Developer") { if (!empty($_POST['addVote']) && empty($error)) { $q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES "; - $q.= "('" . mysql_real_escape_string($_POST['agenda']) . "', "; - $q.= "'" . mysql_real_escape_string($_POST['user']) . "', "; - $q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . mysql_real_escape_string($len); + $q.= "('" . db_escape_string($_POST['agenda']) . "', "; + $q.= "'" . db_escape_string($_POST['user']) . "', "; + $q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . db_escape_string($len); $q.= ", " . uid_from_sid($_COOKIE["AURSID"]) . ")"; db_query($q, $dbh); 
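Review bot: In the addvote.php hunk at `@@ -55,9 +55,9 @@`, `"UNIX_TIMESTAMP() + " . db_escape_string($len)` places `$len` in an unquoted numeric position, where an escaping function (which only neutralises quote and backslash characters) gives no protection; the right guard there is an integer cast, `"UNIX_TIMESTAMP() + " . intval($len)`. The same applies to the voters.php hunk further down, where `getvotes()` escapes `$pkgid` and then interpolates it unquoted into `WHERE PackageID = $pkgid`. Where `$len` is computed is outside this hunk, and the enclosing `if ($atype == ...)` block begins before it. The context line `$check = mysql_num_rows(db_query($qcheck, $dbh));` in the preceding addvote.php hunk is also the unchecked-handle pattern that PATCH 2/4 in this thread set out to remove.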
diff --git a/web/html/logout.php b/web/html/logout.php index 95cf460..f071fc3 100644 --- a/web/html/logout.php +++ b/web/html/logout.php @@ -12,7 +12,7 @@ include_once("acctfuncs.inc"); # access AUR common functions if (isset($_COOKIE["AURSID"])) { $dbh = db_connect(); $q = "DELETE FROM Sessions WHERE SessionID = '"; - $q.= mysql_real_escape_string($_COOKIE["AURSID"]) . "'"; + $q.= db_escape_string($_COOKIE["AURSID"]) . "'"; db_query($q, $dbh); # setting expiration to 1 means '1 second after midnight January 1, 1970' setcookie("AURSID", "", 1, "/"); diff --git a/web/html/passreset.php b/web/html/passreset.php index 0ce6f7d..10f4813 100644 --- a/web/html/passreset.php +++ b/web/html/passreset.php @@ -40,8 +40,8 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir Salt = '$salt', ResetKey = '' WHERE ResetKey != '' - AND ResetKey = '".mysql_real_escape_string($resetkey)."' - AND Email = '".mysql_real_escape_string($email)."'"; + AND ResetKey = '".db_escape_string($resetkey)."' + AND Email = '".db_escape_string($email)."'"; $result = db_query($q, $dbh); if (!mysql_affected_rows($dbh)) { $error = __('Invalid e-mail and reset key combination.'); diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 26608ea..04f002b 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -299,7 +299,7 @@ if ($uid): $dbh = db_connect(); - $q = "SELECT * FROM Packages WHERE Name = '" . mysql_real_escape_string($new_pkgbuild['pkgname']) . "'"; + $q = "SELECT * FROM Packages WHERE Name = '" . db_escape_string($new_pkgbuild['pkgname']) . "'"; $result = db_query($q, $dbh); $pdata = mysql_fetch_assoc($result); @@ -318,7 +318,7 @@ if ($uid): # If a new category was chosen, change it to that if ($_POST['category'] > 1) { $q = sprintf( "UPDATE Packages SET CategoryID = %d WHERE ID = %d", - mysql_real_escape_string($_REQUEST['category']), + db_escape_string($_REQUEST['category']), $packageID); db_query($q, $dbh); 
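Review bot: The pkgsubmit.php hunk at `@@ -299,7 +299,7 @@` keeps `$pdata = mysql_fetch_assoc($result);` directly after `$result = db_query($q, $dbh);` with no check of `$result`, which is the exact line called out earlier in this thread as still needing validation; `if ($result) { $pdata = mysql_fetch_assoc($result); } else { $pdata = false; }` gives the code that follows a value it can test. The next hunk checks `$_POST['category'] > 1` but then queries with `$_REQUEST['category']`; the `%d` format already casts it, making the escape redundant, but reading the same source in both places would stop a GET value from diverging from the POST value that was checked. The surrounding `if ($uid):` block starts outside these hunks.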
@@ -326,12 +326,12 @@ if ($uid): # Update package data $q = sprintf("UPDATE Packages SET ModifiedTS = UNIX_TIMESTAMP(), Name = '%s', Version = '%s-%s', License = '%s', Description = '%s', URL = '%s', OutOfDateTS = NULL, MaintainerUID = %d WHERE ID = %d", - mysql_real_escape_string($new_pkgbuild['pkgname']), - mysql_real_escape_string($new_pkgbuild['pkgver']), - mysql_real_escape_string($new_pkgbuild['pkgrel']), - mysql_real_escape_string($new_pkgbuild['license']), - mysql_real_escape_string($new_pkgbuild['pkgdesc']), - mysql_real_escape_string($new_pkgbuild['url']), + db_escape_string($new_pkgbuild['pkgname']), + db_escape_string($new_pkgbuild['pkgver']), + db_escape_string($new_pkgbuild['pkgrel']), + db_escape_string($new_pkgbuild['license']), + db_escape_string($new_pkgbuild['pkgdesc']), + db_escape_string($new_pkgbuild['url']), $uid, $packageID); @@ -340,13 +340,13 @@ if ($uid): } else { # This is a brand new package $q = sprintf("INSERT INTO Packages (Name, License, Version, CategoryID, Description, URL, SubmittedTS, ModifiedTS, SubmitterUID, MaintainerUID) VALUES ('%s', '%s', '%s-%s', %d, '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), %d, %d)", - mysql_real_escape_string($new_pkgbuild['pkgname']), - mysql_real_escape_string($new_pkgbuild['license']), - mysql_real_escape_string($new_pkgbuild['pkgver']), - mysql_real_escape_string($new_pkgbuild['pkgrel']), - mysql_real_escape_string($_REQUEST['category']), - mysql_real_escape_string($new_pkgbuild['pkgdesc']), - mysql_real_escape_string($new_pkgbuild['url']), + db_escape_string($new_pkgbuild['pkgname']), + db_escape_string($new_pkgbuild['license']), + db_escape_string($new_pkgbuild['pkgver']), + db_escape_string($new_pkgbuild['pkgrel']), + db_escape_string($_REQUEST['category']), + db_escape_string($new_pkgbuild['pkgdesc']), + db_escape_string($new_pkgbuild['url']), $uid, $uid); 
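Review bot: In the INSERT, `db_escape_string($_REQUEST['category'])` feeds a `%d` conversion, so the escape is a no-op and the integer cast inside sprintf is the only sanitisation; it reads more honestly as `intval($_REQUEST['category']),` (or better, the same `$_POST` source that the category check in the UPDATE path uses). The string columns are correctly escaped for their quoted `'%s'` positions. The surrounding block continues beyond the hunk.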
@@ -367,8 +367,8 @@ if ($uid): $q = sprintf("INSERT INTO PackageDepends (PackageID, DepName, DepCondition) VALUES (%d, '%s', '%s')", $packageID, - mysql_real_escape_string($deppkgname), - mysql_real_escape_string($depcondition)); + db_escape_string($deppkgname), + db_escape_string($depcondition)); db_query($q, $dbh); } @@ -378,7 +378,7 @@ if ($uid): foreach ($sources as $src) { if ($src != "" ) { $q = "INSERT INTO PackageSources (PackageID, Source) VALUES ("; - $q .= $packageID . ", '" . mysql_real_escape_string($src) . "')"; + $q .= $packageID . ", '" . db_escape_string($src) . "')"; db_query($q, $dbh); } } diff --git a/web/html/voters.php b/web/html/voters.php index 6a16818..d27105f 100644 --- a/web/html/voters.php +++ b/web/html/voters.php @@ -5,7 +5,7 @@ include('pkgfuncs.inc'); function getvotes($pkgid) { $dbh = db_connect(); - $pkgid = mysql_real_escape_string($pkgid); + $pkgid = db_escape_string($pkgid); $result = db_query("SELECT UsersID,Username FROM PackageVotes LEFT JOIN Users on (UsersID = ID) WHERE PackageID = $pkgid ORDER BY Username", $dbh); return $result; diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc index 8ffa2f7..63d0926 100644 --- a/web/lib/acctfuncs.inc +++ b/web/lib/acctfuncs.inc @@ -225,7 +225,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # NOTE: a race condition exists here if we care... # $q = "SELECT COUNT(*) AS CNT FROM Users "; - $q.= "WHERE Username = '".mysql_real_escape_string($U)."'"; + $q.= "WHERE Username = '".db_escape_string($U)."'"; if ($TYPE == "edit") { $q.= " AND ID != ".intval($UID); } @@ -243,7 +243,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # NOTE: a race condition exists here if we care... # $q = "SELECT COUNT(*) AS CNT FROM Users "; - $q.= "WHERE Email = '".mysql_real_escape_string($E)."'"; + $q.= "WHERE Email = '".db_escape_string($E)."'"; if ($TYPE == "edit") { $q.= " AND ID != ".intval($UID); } 
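Review bot: In getvotes() `$pkgid` is escaped with `db_escape_string()` and then interpolated unquoted into `WHERE PackageID = $pkgid`; in an unquoted numeric position escaping quotes is irrelevant, so a value such as `0 OR 1=1` passes through untouched. Replace the escape with an integer cast: `$pkgid = intval($pkgid);`. Whether the caller already validates `$pkgid` is not visible here, so treat this as defence in depth at the function boundary.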
@@ -265,7 +265,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # no errors, go ahead and create the unprivileged user $salt = generate_salt(); $P = salted_hash($P, $salt); - $escaped = array_map('mysql_real_escape_string', + $escaped = array_map('db_escape_string', array($U, $E, $P, $salt, $R, $L, $I)); $q = "INSERT INTO Users (" . "AccountTypeID, Suspended, Username, Email, Passwd, Salt" . @@ -289,7 +289,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", # no errors, go ahead and modify the user account $q = "UPDATE Users SET "; - $q.= "Username = '".mysql_real_escape_string($U)."'"; + $q.= "Username = '".db_escape_string($U)."'"; if ($T) { $q.= ", AccountTypeID = ".intval($T); } @@ -298,15 +298,15 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", } else { $q.= ", Suspended = 0"; } - $q.= ", Email = '".mysql_real_escape_string($E)."'"; + $q.= ", Email = '".db_escape_string($E)."'"; if ($P) { $salt = generate_salt(); $hash = salted_hash($P, $salt); $q .= ", Passwd = '$hash', Salt = '$salt'"; } - $q.= ", RealName = '".mysql_real_escape_string($R)."'"; - $q.= ", LangPreference = '".mysql_real_escape_string($L)."'"; - $q.= ", IRCNick = '".mysql_real_escape_string($I)."'"; + $q.= ", RealName = '".db_escape_string($R)."'"; + $q.= ", LangPreference = '".db_escape_string($L)."'"; + $q.= ", IRCNick = '".db_escape_string($I)."'"; $q.= " WHERE ID = ".intval($UID); $result = db_query($q, $dbh); if (!$result) { 
@@ -372,19 +372,19 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", $search_vars[] = "S"; } if ($U) { - $q.= "AND Username LIKE '%".mysql_real_escape_string($U)."%' "; + $q.= "AND Username LIKE '%".db_escape_string($U)."%' "; $search_vars[] = "U"; } if ($E) { - $q.= "AND Email LIKE '%".mysql_real_escape_string($E)."%' "; + $q.= "AND Email LIKE '%".db_escape_string($E)."%' "; $search_vars[] = "E"; } if ($R) { - $q.= "AND RealName LIKE '%".mysql_real_escape_string($R)."%' "; + $q.= "AND RealName LIKE '%".db_escape_string($R)."%' "; $search_vars[] = "R"; } if ($I) { - $q.= "AND IRCNick LIKE '%".mysql_real_escape_string($I)."%' "; + $q.= "AND IRCNick LIKE '%".db_escape_string($I)."%' "; $search_vars[] = "I"; } switch ($SB) { @@ -716,7 +716,7 @@ function valid_user( $user ) if ( $user ) { $dbh = db_connect(); $q = "SELECT ID FROM Users WHERE Username = '" - . mysql_real_escape_string($user). "'"; + . db_escape_string($user). "'"; $result = mysql_fetch_row(db_query($q, $dbh)); diff --git a/web/lib/aur.inc b/web/lib/aur.inc index 5eed8e7..97f04e9 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc @@ -219,6 +219,13 @@ function db_connect() { return $handle; } +# escapes strings for SQL query usage +# wraps the database driver's provided method +# wrapped for convenience and porting +function db_escape_string($unesc) { + return mysql_real_escape_string($unesc); +} + # disconnect from the database # this won't normally be needed as PHP/reference counting will take care of # closing the connection once it is no longer referenced diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index a96cc4b..6a31737 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -165,7 +165,7 @@ class AurJSON { if (is_numeric($arg)) { $id_args[] = intval($arg); } else { - $escaped = mysql_real_escape_string($arg, $this->dbh); + $escaped = db_escape_string($arg, $this->dbh); $name_args[] = "'" . $escaped . "'"; } } 
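Review bot: The four `LIKE '%...%'` clauses escape quotes in `$U`, `$E`, `$R` and `$I` but not the LIKE metacharacters `%` and `_`, so a one-character search for `_` or `%` matches every account; the aurjson.class.php hunk in this same patch handles exactly that with `addcslashes(..., '%_')` after escaping. Make this function consistent with it, e.g. `$q.= "AND Username LIKE '%".addcslashes(db_escape_string($U), '%_')."%' ";` for each of the four clauses. Not an injection, but it turns a trivial query into a full account enumeration. search_results_page() starts above the hunk.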
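Review bot: `db_escape_string($unesc)` takes a single argument, yet the aurjson.class.php hunks in this same patch call it as `db_escape_string($arg, $this->dbh)`; PHP silently drops the extra argument, so those calls lose their explicit link and `mysql_real_escape_string()` falls back to the last opened connection (and, with no open connection, returns `false` with a warning, which concatenates as an empty string). Accept an optional link so the wrapper is a faithful replacement: `function db_escape_string($unesc, $dbh = null) { return $dbh ? mysql_real_escape_string($unesc, $dbh) : mysql_real_escape_string($unesc); }`. The header comment should also state that the result is only safe inside single-quoted SQL string literals, since several call sites in this patch use it for unquoted numeric operands.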
@@ -183,7 +183,7 @@ class AurJSON { return $this->json_error('Query arg too small'); } - $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh); + $keyword_string = db_escape_string($keyword_string, $this->dbh); $keyword_string = addcslashes($keyword_string, '%_'); $where_condition = "( Name LIKE '%{$keyword_string}%' OR " . @@ -206,7 +206,7 @@ class AurJSON { } else { $where_condition = sprintf("Name=\"%s\"", - mysql_real_escape_string($pqdata, $this->dbh)); + db_escape_string($pqdata, $this->dbh)); } return $this->process_query('info', $where_condition); } @@ -248,7 +248,7 @@ class AurJSON { * @return mixed Returns an array of value data containing the package data **/ private function msearch($maintainer) { - $maintainer = mysql_real_escape_string($maintainer, $this->dbh); + $maintainer = db_escape_string($maintainer, $this->dbh); $where_condition = "Users.Username = '{$maintainer}'"; diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc index 7b43e45..9dbe384 100644 --- a/web/lib/pkgfuncs.inc +++ b/web/lib/pkgfuncs.inc @@ -94,7 +94,7 @@ function package_exists($name="") { if (!$name) {return NULL;} $dbh = db_connect(); $q = "SELECT ID FROM Packages "; - $q.= "WHERE Name = '".mysql_real_escape_string($name)."' "; + $q.= "WHERE Name = '".db_escape_string($name)."' "; $result = db_query($q, $dbh); if (!$result) {return NULL;} $row = mysql_fetch_row($result); @@ -127,7 +127,7 @@ function package_required($name="") { $dbh = db_connect(); $q = "SELECT p.Name, PackageID FROM PackageDepends pd "; $q.= "JOIN Packages p ON pd.PackageID = p.ID "; - $q.= "WHERE DepName = '".mysql_real_escape_string($name)."' "; + $q.= "WHERE DepName = '".db_escape_string($name)."' "; $q.= "ORDER BY p.Name"; $result = db_query($q, $dbh); if (!$result) {return array();} 
@@ -216,7 +216,7 @@ function pkgvotes_from_sid($sid="") { $q.= "FROM PackageVotes, Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "AND Users.ID = PackageVotes.UsersID "; - $q.= "AND Sessions.SessionID = '".mysql_real_escape_string($sid)."'"; + $q.= "AND Sessions.SessionID = '".db_escape_string($sid)."'"; $result = db_query($q, $dbh); if ($result) { while ($row = mysql_fetch_row($result)) { @@ -237,7 +237,7 @@ function pkgnotify_from_sid($sid="") { $q.= "FROM CommentNotify, Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID "; $q.= "AND Users.ID = CommentNotify.UserID "; - $q.= "AND Sessions.SessionID = '".mysql_real_escape_string($sid)."'"; + $q.= "AND Sessions.SessionID = '".db_escape_string($sid)."'"; $result = db_query($q, $dbh); if ($result) { while ($row = mysql_fetch_row($result)) { @@ -267,7 +267,7 @@ function pkgname_from_id($pkgid=0) { # function pkgname_is_blacklisted($name) { $dbh = db_connect(); - $q = "SELECT COUNT(*) FROM PackageBlacklist WHERE Name = '" . mysql_real_escape_string($name) . "'"; + $q = "SELECT COUNT(*) FROM PackageBlacklist WHERE Name = '" . db_escape_string($name) . "'"; $result = db_query($q, $dbh); if (!$result) return false; @@ -432,7 +432,7 @@ function pkg_search_page($SID="") { } if (isset($_GET['K'])) { - $_GET['K'] = mysql_real_escape_string(trim($_GET['K'])); + $_GET['K'] = db_escape_string(trim($_GET['K'])); # Search by maintainer if (isset($_GET["SeB"]) && $_GET["SeB"] == "m") { diff --git a/web/lib/stats.inc b/web/lib/stats.inc index 756fa27..81404c7 100644 --- a/web/lib/stats.inc +++ b/web/lib/stats.inc @@ -53,7 +53,7 @@ function updates_table($dbh) function user_table($user, $dbh) { global $apc_prefix; - $escuser = mysql_real_escape_string($user); + $escuser = db_escape_string($user); $base_q = "SELECT count(*) FROM Packages,Users WHERE Packages.MaintainerUID = Users.ID AND Users.Username='" . $escuser . "'"; $maintainer_unsupported_count = db_cache_value($base_q, $dbh, 
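Review bot: `$_GET['K'] = db_escape_string(trim($_GET['K']));` writes the SQL-escaped value back into the request superglobal, so anything later in pkg_search_page() or its templates that reads `$_GET['K']` (the search box value or pager links, presumably) sees backslash-escaped text, and an escape meant for one context is reused in another. Keep the escaped copy local to query building, e.g. `$K = db_escape_string(trim($_GET['K']));`, and HTML-escape the raw value where it is displayed. The LIKE wildcards `%` and `_` are not escaped here either, unlike the aurjson hunk in this patch. The function starts above the hunk and how `$_GET['K']` is consumed afterwards is not visible.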
diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php
index e52c92d..d3b602c 100644
--- a/web/template/pkg_comment_form.php
+++ b/web/template/pkg_comment_form.php
@@ -7,7 +7,7 @@ if (isset($_REQUEST['comment'])) {
 $q = 'INSERT INTO PackageComments ';
 $q.= '(PackageID, UsersID, Comments, CommentTS) VALUES (';
 $q.= intval($_REQUEST['ID']) . ', ' . uid_from_sid($_COOKIE['AURSID']) . ', ';
- $q.= "'" . mysql_real_escape_string($_REQUEST['comment']) . "', ";
+ $q.= "'" . db_escape_string($_REQUEST['comment']) . "', ";
 $q.= 'UNIX_TIMESTAMP())';
 db_query($q, $dbh);
-- 1.7.2.5
From archlinux at cryptocrack.de Tue May 17 11:58:05 2011
From: archlinux at cryptocrack.de (Lukas Fleischer) Date: Tue, 17 May 2011 17:58:05 +0200 Subject: [aur-dev] [PATCH 1/1] wrap mysql_real_escape_string in a function In-Reply-To: <1305587394-28017-1-git-send-email-elij.mx@gmail.com> References: <1305587394-28017-1-git-send-email-elij.mx@gmail.com> Message-ID: <20110517155805.GA23178@blizzard> On Mon, May 16, 2011 at 04:09:54PM -0700, elij wrote: > wrap mysql_real_escape_string in a wrapper function db_escape_string to ease > porting to other databases, and as another step to pulling more of the database > code into a central location. > --- > web/html/account.php | 2 +- > web/html/addvote.php | 10 +++++----- > web/html/logout.php | 2 +- > web/html/passreset.php | 4 ++-- > web/html/pkgsubmit.php | 36 ++++++++++++++++++------------------ > web/html/voters.php | 2 +- > web/lib/acctfuncs.inc | 26 +++++++++++++------------- > web/lib/aur.inc | 7 +++++++ > web/lib/aurjson.class.php | 8 ++++---- > web/lib/pkgfuncs.inc | 12 ++++++------ > web/lib/stats.inc | 2 +- > web/template/pkg_comment_form.php | 2 +- > 12 files changed, 60 insertions(+), 53 deletions(-) > What's the main difference between this one and the "use convenience wrapper for mysql_real_escape_string to aid database portability" patch? You should also try to conform to some proper guidelines like [1] when formatting your commit messages. I'm well aware that lots of us don't (I don't even stick to the 50 characters summary line limit often, too) but you should at least try to wrap everything to 72 characters... [1] http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html From elij.mx at gmail.com Tue May 17 12:52:18 2011 
From: elij.mx at gmail.com (elij) Date: Tue, 17 May 2011 09:52:18 -0700 Subject: [aur-dev] [PATCH 1/1] wrap mysql_real_escape_string in a function In-Reply-To: <20110517155805.GA23178@blizzard> References: <1305587394-28017-1-git-send-email-elij.mx@gmail.com> <20110517155805.GA23178@blizzard> Message-ID: On Tue, May 17, 2011 at 8:58 AM, Lukas Fleischer wrote: > On Mon, May 16, 2011 at 04:09:54PM -0700, elij wrote: >> wrap mysql_real_escape_string in a wrapper function db_escape_string to ease >> porting to other databases, and as another step to pulling more of the database >> code into a central location. >> --- >> ?web/html/account.php ? ? ? ? ? ? ?| ? ?2 +- >> ?web/html/addvote.php ? ? ? ? ? ? ?| ? 10 +++++----- >> ?web/html/logout.php ? ? ? ? ? ? ? | ? ?2 +- >> ?web/html/passreset.php ? ? ? ? ? ?| ? ?4 ++-- >> ?web/html/pkgsubmit.php ? ? ? ? ? ?| ? 36 ++++++++++++++++++------------------ >> ?web/html/voters.php ? ? ? ? ? ? ? | ? ?2 +- >> ?web/lib/acctfuncs.inc ? ? ? ? ? ? | ? 26 +++++++++++++------------- >> ?web/lib/aur.inc ? ? ? ? ? ? ? ? ? | ? ?7 +++++++ >> ?web/lib/aurjson.class.php ? ? ? ? | ? ?8 ++++---- >> ?web/lib/pkgfuncs.inc ? ? ? ? ? ? ?| ? 12 ++++++------ >> ?web/lib/stats.inc ? ? ? ? ? ? ? ? | ? ?2 +- >> ?web/template/pkg_comment_form.php | ? ?2 +- >> ?12 files changed, 60 insertions(+), 53 deletions(-) >> > > What's the main difference between this one and the "use convenience > wrapper for mysql_real_escape_string to aid database portability" patch? ha! I forgot I had submitted that one. Last month was so long ago! *rolls eyes at himself* It appears that this time around I named the function db_escape_string, which seems like it could be a bit better, as it only escapes strings (it does not detect the input type and only escape on string for example). > You should also try to conform to some proper guidelines like [1] when > formatting your commit messages. 
I'm well aware that lots of us don't (I > don't even stick to the 50 characters summary line limit often, too) but > you should at least try to wrap everything to 72 characters... Hmm. Turns out my gitcommit.vim filetype plugin wasn't loading properly (due to a config error on my part in my .vimrc). This has been fixed, and should resolve the issue. I had assumed it was working properly (because I reformat before writeout) and it simply wasn't anymore. > [1] http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html > From elij.mx at gmail.com Sat May 28 17:14:34 2011 From: elij.mx at gmail.com (elij) Date: Sat, 28 May 2011 14:14:34 -0700 Subject: [aur-dev] [PATCH 1/1] restructure the html/rpc.php endpoint Message-ID: <1306617274-11290-1-git-send-email-elij.mx@gmail.com> - move request_method test to the top, and catch other request types (HEAD, PUT, etc) - change how html output is handled. instead of building a string, just output the html - set appropriate response header for incorrect request_method. --- web/html/rpc.php | 60 ++++++++++++++++++++++++++++------------------------- 1 files changed, 32 insertions(+), 28 deletions(-) diff --git a/web/html/rpc.php b/web/html/rpc.php index 1a9ca34..27439db 100644 --- a/web/html/rpc.php +++ b/web/html/rpc.php @@ -1,36 +1,40 @@ handle($_GET); - } - else { - // dump a simple usage output for people to use. - // this could be moved to an api doc in the future, or generated from - // the AurJSON class directly with phpdoc. For now though, just putting it here. - echo ''; - echo 'The methods currently allowed are:
      '; - echo '
        '; - echo '
      • search
      • '; - echo '
      • info
      • '; - echo '
      • multiinfo
      • '; - echo '
      • msearch
      • '; - echo '

      '; - echo 'Each method requires the following HTTP GET syntax:
      '; - echo '   type=methodname&arg=data

      '; - echo 'Where methodname is the name of an allowed method, and data is the argument to the call.
      '; - echo '
      '; - echo 'If you need jsonp type callback specification, you can provide an additional variable callback.
      '; - echo 'Example URL:
         http://aur-url/rpc.php?type=search&arg=foobar&callback=jsonp1192244621103'; - echo ''; - } +if ( $_SERVER['REQUEST_METHOD'] != 'GET' ) { + header('HTTP/1.1 405 Method Not Allowed'); +} + +if ( isset($_GET['type']) ) { + $rpc_o = new AurJSON(); + echo $rpc_o->handle($_GET); } else { - echo 'POST NOT SUPPORTED'; + // dump a simple usage output for people to use. + // this could be moved to an api doc in the future, or generated from + // the AurJSON class directly with phpdoc. For now though, just putting it + // here. +?> + +The methods currently allowed are:
      +
        +
      • search
      • +
      • info
      • +
      • multiinfo
      • +
      • msearch
      • +

      +Each method requires the following HTTP GET syntax:
      +   type=methodname&arg=data +

      +Where methodname is the name of an allowed method, and data is the argument to the call. +

      +If you need jsonp type callback specification, you can provide an additional variable callback. +
      +Example URL:
      +    http://aur-url/rpc.php?type=search&arg=foobar&callback=jsonp1192244621103 + + -- 1.7.2.5 From elij.mx at gmail.com Sat May 28 17:19:12 2011 From: elij.mx at gmail.com (elij) Date: Sat, 28 May 2011 14:19:12 -0700 Subject: [aur-dev] [PATCH 2/2] add missing exit to request_method conditional test In-Reply-To: <1306617274-11290-1-git-send-email-elij.mx@gmail.com> References: <1306617274-11290-1-git-send-email-elij.mx@gmail.com> Message-ID: <1306617552-11401-1-git-send-email-elij.mx@gmail.com> --- web/html/rpc.php | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/web/html/rpc.php b/web/html/rpc.php index 27439db..b2c244b 100644 --- a/web/html/rpc.php +++ b/web/html/rpc.php @@ -4,6 +4,7 @@ include_once("aurjson.class.php"); if ( $_SERVER['REQUEST_METHOD'] != 'GET' ) { header('HTTP/1.1 405 Method Not Allowed'); + exit(); } if ( isset($_GET['type']) ) { -- 1.7.2.5 From elij.mx at gmail.com Sat May 28 17:28:59 2011 From: elij.mx at gmail.com (elij) Date: Sat, 28 May 2011 14:28:59 -0700 Subject: [aur-dev] [PATCH 1/1] fix two issues (php notice level) with html/rss.php Message-ID: <1306618139-11523-1-git-send-email-elij.mx@gmail.com> - Undefined index: HTTPS in rss.php on line 8 - Undefined property: RSSCreator20::$cssStyleSheet in feedcreator.class.php on line 591 --- web/html/rss.php | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/web/html/rss.php b/web/html/rss.php index 0547815..d0a202b 100644 --- a/web/html/rss.php +++ b/web/html/rss.php @@ -5,10 +5,12 @@ include_once("aur.inc"); include_once("feedcreator.class.php"); #detect prefix -$protocol = $_SERVER["HTTPS"]=='on' ? "https" : "http"; +$protocol = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"]=='on' ? "https" : "http"; $host = $_SERVER['HTTP_HOST']; $rss = new RSSCreator20(); +$rss->cssStyleSheet = false; +$rss->xslStyleSheet = false; # Use UTF-8 (fixes FS#10706). $rss->encoding = "UTF-8"; -- 1.7.2.5 From elij.mx at gmail.com Sat May 28 19:17:08 2011 
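Review bot: The 405 response in the rpc.php follow-up hunk still lacks the `Allow` header that HTTP requires alongside that status, so a client cannot learn which method is accepted; add `header('Allow: GET');` after the status line and before the new `exit();`. Note that HEAD is rejected as well, which the commit message says is intended, but HEAD probes from monitoring tools are common and are normally expected to behave like GET.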
From: elij.mx at gmail.com (elij) Date: Sat, 28 May 2011 16:17:08 -0700 Subject: [aur-dev] refactor apc cache code (centralize and genericize) Message-ID: <1306624630-12029-1-git-send-email-elij.mx@gmail.com> The first patch is a slight refactor and move of the apc cache code, out of stats.inc into aur.inc. This is to make it available for other code to utilize if desired. I made it a bit more generic, so other referncing code does not have to supply a cache prefix. It will apply a prefix on behalf of the calling cache_set code, and utilize the prefix on cache_get code. The second patch changes rss.php to use the apc cache, instead of a file based cache. From elij.mx at gmail.com Sat May 28 19:17:09 2011 From: elij.mx at gmail.com (elij) Date: Sat, 28 May 2011 16:17:09 -0700 Subject: [aur-dev] [PATCH 1/2] refactor apc code and move to aur.inc In-Reply-To: <1306624630-12029-1-git-send-email-elij.mx@gmail.com> References: <1306624630-12029-1-git-send-email-elij.mx@gmail.com> Message-ID: <1306624630-12029-2-git-send-email-elij.mx@gmail.com> - move apc cache code to aur.inc (centralize) - refactor the apc usage in stats.inc to utilize new code in aur.inc --- web/lib/aur.inc | 49 ++++++++++++++++++++++++++++++++++++++++++ web/lib/stats.inc | 61 +++++++++++----------------------------------------- 2 files changed, 62 insertions(+), 48 deletions(-) diff --git a/web/lib/aur.inc b/web/lib/aur.inc index fb267af..2b78c99 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc @@ -14,6 +14,12 @@ include_once("config.inc"); include_once("version.inc"); include_once("acctfuncs.inc"); +# Check if APC extension is loaded, and set cache prefix if it is +if (!defined('EXTENSION_LOADED_APC')) { + define('EXTENSION_LOADED_APC', extension_loaded('apc')); + define('APC_PREFIX', 'aur:'); +} + # see if the visitor is already logged in # function check_sid() { 
@@ -257,6 +263,49 @@ function db_query($query="", $db_handle="") { return $result; } +# set a value in the cache (currently apc) if cache +# is available for use. if not available, this becomes +# effectively a no-op (return value is false) +# accepts an optional TTL (defaults to 600 seconds) +function set_cache_value($key, $value, $ttl=600) { + $status = false; + if (EXTENSION_LOADED_APC) { + $status = apc_store(APC_PREFIX.$key, $value, $ttl); + } + return $status; +} + +# get a value from the cache (currently apc) if cache +# is available for use. if not available, this +# returns false (optionally sets passed in variable $status +# to false, much like apc_fetch behaves). this allows +# for testing the fetch result appropriately even in the event +# that a 'false' value was the value in the cache. +function get_cache_value($key, &$status=false) { + if(EXTENSION_LOADED_APC) { + $ret = apc_fetch(APC_PREFIX.$key, $status); + if ($status) { + return $ret; + } + } + return $status; +} + +# run a simple db query, retrieving and/or caching the value if APC +# is available for use +# accepts an optioanal TTL value (defaults to 600 seconds) +function db_cache_value($dbq, $dbh, $key, $ttl=600) { + $status = false; + $value = get_cache_value($key, $status); + if (!$status) { + $result = db_query($dbq, $dbh); + $row = mysql_fetch_row($result); + $value = $row[0]; + set_cache_value($key, $value, $ttl); + } + return $value; +} + # set up the visitor's language # function set_lang() { diff --git a/web/lib/stats.inc b/web/lib/stats.inc index 756fa27..29ba0bb 100644 --- a/web/lib/stats.inc +++ b/web/lib/stats.inc 
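Review bot: `db_cache_value()` calls `mysql_fetch_row($result)` without checking that `db_query()` succeeded; on a failed query `$row` is `false`, `$row[0]` evaluates to null, and that null is then stored for the full TTL, so a transient database error is served for ten minutes. Cache only a real result: `if ($result && ($row = mysql_fetch_row($result))) { $value = $row[0]; set_cache_value($key, $value, $ttl); }`. What `db_query()` returns on error is defined above the hunk, so confirm it is `false` there.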
@@ -2,40 +2,10 @@ include_once('aur.inc'); -# APC configuration variables -$apc_prefix = 'aur:'; -$apc_ttl = 600; - -# Check if APC extension is loaded -if (!defined('EXTENSION_LOADED_APC')) - define('EXTENSION_LOADED_APC', extension_loaded('apc')); - -# run a simple db query, retrieving and/or caching the value if APC -# is available for use -# -function db_cache_value($dbq, $dbh, $key) -{ - global $apc_ttl; - $bool = false; - if(EXTENSION_LOADED_APC) { - $ret = apc_fetch($key, $bool); - } - if(!$bool) { - $result = db_query($dbq, $dbh); - $row = mysql_fetch_row($result); - $ret = $row[0]; - if (EXTENSION_LOADED_APC) { - apc_store($key, $ret, $apc_ttl); - } - } - return $ret; -} - function updates_table($dbh) { - global $apc_prefix, $apc_ttl; - $key = $apc_prefix . 'recent_updates'; - if(!(EXTENSION_LOADED_APC && ($newest_packages = apc_fetch($key)))) { + $key = 'recent_updates'; + if(!($newest_packages = get_cache_value($key))) { $q = 'SELECT * FROM Packages ORDER BY ModifiedTS DESC LIMIT 10'; $result = db_query($q, $dbh); 
@@ -43,26 +13,23 @@ function updates_table($dbh) while ($row = mysql_fetch_assoc($result)) { $newest_packages->append($row); } - if (EXTENSION_LOADED_APC) { - apc_store($key, $newest_packages, $apc_ttl); - } + set_cache_value($key, $newest_packages); } include('stats/updates_table.php'); } function user_table($user, $dbh) { - global $apc_prefix; $escuser = mysql_real_escape_string($user); $base_q = "SELECT count(*) FROM Packages,Users WHERE Packages.MaintainerUID = Users.ID AND Users.Username='" . $escuser . "'"; $maintainer_unsupported_count = db_cache_value($base_q, $dbh, - $apc_prefix . 'user_unsupported_count:' . $escuser); + 'user_unsupported_count:' . $escuser); $q = "SELECT count(*) FROM Packages,Users WHERE Packages.OutOfDateTS IS NOT NULL AND Packages.MaintainerUID = Users.ID AND Users.Username='" . $escuser . "'"; $flagged_outdated = db_cache_value($q, $dbh, - $apc_prefix . 'user_flagged_outdated:' . $escuser); + 'user_flagged_outdated:' . $escuser); # If the user is a TU calculate the number of the packages $atype = account_from_sid($_COOKIE["AURSID"]); 
@@ -72,35 +39,33 @@ function user_table($user, $dbh) function general_stats_table($dbh) { - global $apc_prefix; # AUR statistics $q = "SELECT count(*) FROM Packages"; - $unsupported_count = db_cache_value($q, $dbh, $apc_prefix . 'unsupported_count'); + $unsupported_count = db_cache_value($q, $dbh, 'unsupported_count'); $q = "SELECT count(*) FROM Packages WHERE MaintainerUID IS NULL"; - $orphan_count = db_cache_value($q, $dbh, $apc_prefix . 'orphan_count'); + $orphan_count = db_cache_value($q, $dbh, 'orphan_count'); $q = "SELECT count(*) FROM Users"; - $user_count = db_cache_value($q, $dbh, $apc_prefix . 'user_count'); + $user_count = db_cache_value($q, $dbh, 'user_count'); $q = "SELECT count(*) FROM Users,AccountTypes WHERE Users.AccountTypeID = AccountTypes.ID AND AccountTypes.AccountType = 'Trusted User'"; - $tu_count = db_cache_value($q, $dbh, $apc_prefix . 'tu_count'); + $tu_count = db_cache_value($q, $dbh, 'tu_count'); $targstamp = intval(strtotime("-7 days")); $yearstamp = intval(strtotime("-1 year")); $q = "SELECT count(*) FROM Packages WHERE Packages.ModifiedTS >= $targstamp AND Packages.ModifiedTS = Packages.SubmittedTS"; - $add_count = db_cache_value($q, $dbh, $apc_prefix . 'add_count'); + $add_count = db_cache_value($q, $dbh, 'add_count'); $q = "SELECT count(*) FROM Packages WHERE Packages.ModifiedTS >= $targstamp AND Packages.ModifiedTS != Packages.SubmittedTS"; - $update_count = db_cache_value($q, $dbh, $apc_prefix . 'update_count'); + $update_count = db_cache_value($q, $dbh, 'update_count'); $q = "SELECT count(*) FROM Packages WHERE Packages.ModifiedTS >= $yearstamp AND Packages.ModifiedTS != Packages.SubmittedTS"; - $update_year_count = db_cache_value($q, $dbh, $apc_prefix . 'update_year_count'); + $update_year_count = db_cache_value($q, $dbh, 'update_year_count'); $q = "SELECT count(*) FROM Packages WHERE Packages.ModifiedTS = Packages.SubmittedTS"; - $never_update_count = db_cache_value($q, $dbh, $apc_prefix . 
'never_update_count'); + $never_update_count = db_cache_value($q, $dbh, 'never_update_count'); include('stats/general_stats_table.php'); } - -- 1.7.2.5 From elij.mx at gmail.com Sat May 28 19:17:10 2011 From: elij.mx at gmail.com (elij) Date: Sat, 28 May 2011 16:17:10 -0700 Subject: [aur-dev] [PATCH 2/2] make rss.php use the apc cache instead of a cache file In-Reply-To: <1306624630-12029-1-git-send-email-elij.mx@gmail.com> References: <1306624630-12029-1-git-send-email-elij.mx@gmail.com> Message-ID: <1306624630-12029-3-git-send-email-elij.mx@gmail.com> utilize the apc cache functionality in aur.inc to cache the rss feed output. the cache will cache on a per-protocol basis (http/https) so that urls are appropriate regardless of which url people hit. --- web/html/rss.php | 18 +++++++++++++----- 1 files changed, 13 insertions(+), 5 deletions(-) diff --git a/web/html/rss.php b/web/html/rss.php index d0a202b..1f808b6 100644 --- a/web/html/rss.php +++ b/web/html/rss.php @@ -8,6 +8,15 @@ include_once("feedcreator.class.php"); $protocol = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"]=='on' ? "https" : "http"; $host = $_SERVER['HTTP_HOST']; +$feed_key = 'pkg-feed-' . $protocol; + +$bool = false; +$ret = get_cache_value($feed_key, $bool); +if ($bool) { + echo $ret; + exit(); +} + $rss = new RSSCreator20(); $rss->cssStyleSheet = false; $rss->xslStyleSheet = false; @@ -15,9 +24,6 @@ $rss->xslStyleSheet = false; # Use UTF-8 (fixes FS#10706). $rss->encoding = "UTF-8"; -#If there's a cached version <1hr old, won't regenerate now -$rss->useCached("/tmp/aur-newestpkg.xml", 1800); - #All the general RSS setup $rss->title = "AUR Newest Packages"; $rss->description = "The latest and greatest packages in the AUR"; 
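Review bot: The cache key is `'pkg-feed-' . $protocol`, but `$host` is taken from `$_SERVER['HTTP_HOST']`, i.e. the client-supplied Host header; if the feed links embed `$host` (the commit message says the URLs depend on how the site is reached), a single request with a forged Host header gets its links cached and served to every client for 1800 seconds, a classic cache-poisoning vector. Prefer building feed URLs from a configured canonical hostname rather than the request; if the host must stay dynamic, the key has to include everything that shapes the output, e.g. `$feed_key = 'pkg-feed-' . $protocol . '-' . $host;`, at the cost of letting arbitrary Host values populate the cache. How `$host` is used further down is outside the hunk.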
@@ -49,5 +55,7 @@ while ($row = mysql_fetch_assoc($result)) { } #save it so that useCached() can find it -$rss->saveFeed("/tmp/aur-newestpkg.xml",true); - +$feedContent = $rss->createFeed(); +set_cache_value($feed_key, $feedContent, 1800); +echo $feedContent; +?> -- 1.7.2.5 From archlinux at cryptocrack.de Sun May 29 10:27:57 2011 From: archlinux at cryptocrack.de (Lukas Fleischer) Date: Sun, 29 May 2011 16:27:57 +0200 Subject: [aur-dev] [PATCH 1/2] refactor apc code and move to aur.inc In-Reply-To: <1306624630-12029-2-git-send-email-elij.mx@gmail.com> References: <1306624630-12029-1-git-send-email-elij.mx@gmail.com> <1306624630-12029-2-git-send-email-elij.mx@gmail.com> Message-ID: <20110529142757.GA11777@blizzard> On Sat, May 28, 2011 at 04:17:09PM -0700, elij wrote: > - move apc cache code to aur.inc (centralize) > - refactor the apc usage in stats.inc to utilize new code in aur.inc > --- > web/lib/aur.inc | 49 ++++++++++++++++++++++++++++++++++++++++++ > web/lib/stats.inc | 61 +++++++++++----------------------------------------- > 2 files changed, 62 insertions(+), 48 deletions(-) > > diff --git a/web/lib/aur.inc b/web/lib/aur.inc > index fb267af..2b78c99 100644 > --- a/web/lib/aur.inc > +++ b/web/lib/aur.inc > @@ -14,6 +14,12 @@ include_once("config.inc"); > include_once("version.inc"); > include_once("acctfuncs.inc"); > > +# Check if APC extension is loaded, and set cache prefix if it is > +if (!defined('EXTENSION_LOADED_APC')) { > + define('EXTENSION_LOADED_APC', extension_loaded('apc')); > + define('APC_PREFIX', 'aur:'); > +} > + > # see if the visitor is already logged in > # > function check_sid() { 
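Review bot: Swapping `saveFeed(..., true)` for `createFeed()` plus `echo` appears to drop the response headers the feedcreator display path emitted (in the feedcreator version I know, `saveFeed` with display enabled sends a `Content-Type` of `text/xml`/`application/rss+xml` with the charset before printing), and the `echo $ret; exit();` fast path added in the first hunk has the same gap. Without it PHP's default `text/html` goes out, and package names and descriptions — user-submitted data — would be interpreted by a browser as HTML rather than XML, turning any entity-escaping slip in the feed into an XSS. Add `header('Content-Type: application/rss+xml; charset=UTF-8');` before both echo sites, or cache the header together with the body. Please confirm against the bundled feedcreator.class.php, which is outside this hunk.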
> @@ -257,6 +263,49 @@ function db_query($query="", $db_handle="") { > return $result; > } > > +# set a value in the cache (currently apc) if cache > +# is available for use. if not available, this becomes > +# effectively a no-op (return value is false) > +# accepts an optional TTL (defaults to 600 seconds) > +function set_cache_value($key, $value, $ttl=600) { > + $status = false; > + if (EXTENSION_LOADED_APC) { > + $status = apc_store(APC_PREFIX.$key, $value, $ttl); > + } > + return $status; > +} > + > +# get a value from the cache (currently apc) if cache > +# is available for use. if not available, this > +# returns false (optionally sets passed in variable $status > +# to false, much like apc_fetch behaves). this allows > +# for testing the fetch result appropriately even in the event > +# that a 'false' value was the value in the cache. > +function get_cache_value($key, &$status=false) { > + if(EXTENSION_LOADED_APC) { > + $ret = apc_fetch(APC_PREFIX.$key, $status); > + if ($status) { > + return $ret; > + } > + } > + return $status; > +} I'd prefer to change get_cache_value()'s signature to return the status indicator and pass the actual result by reference. That way, it could be used as follows: ---- if (get_cache_value('foo', $foo)) { do_something $foo } ---- That just feels much more common and convenient. Any objections? > + > +# run a simple db query, retrieving and/or caching the value if APC > +# is available for use > +# accepts an optioanal TTL value (defaults to 600 seconds) > +function db_cache_value($dbq, $dbh, $key, $ttl=600) { > + $status = false; > + $value = get_cache_value($key, $status); > + if (!$status) { > + $result = db_query($dbq, $dbh); > + $row = mysql_fetch_row($result); > + $value = $row[0]; > + set_cache_value($key, $value, $ttl); > + } > + return $value; > +} > + > # set up the visitor's language > # > function set_lang() { > diff --git a/web/lib/stats.inc b/web/lib/stats.inc > index 756fa27..29ba0bb 100644 
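Review bot: `db_cache_value()` stores whatever `mysql_fetch_row()` yields without checking that `db_query()` succeeded: on a failed query `$result` is `false`, `$row[0]` is `null`, and that null is written into APC for the full TTL, so a transient database error becomes ten minutes of zeroed stats for every visitor. Only cache a value that really came from the database, e.g. `if ($result && ($row = mysql_fetch_row($result))) { $value = $row[0]; set_cache_value($key, $value, $ttl); } else { $value = false; }`. The header comment should also say that only the first column of the first row is cached, since callers pass arbitrary SQL.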
> --- a/web/lib/stats.inc > +++ b/web/lib/stats.inc > @@ -2,40 +2,10 @@ > > include_once('aur.inc'); > > -# APC configuration variables > -$apc_prefix = 'aur:'; > -$apc_ttl = 600; > - > -# Check if APC extension is loaded > -if (!defined('EXTENSION_LOADED_APC')) > - define('EXTENSION_LOADED_APC', extension_loaded('apc')); > - > -# run a simple db query, retrieving and/or caching the value if APC > -# is available for use > -# > -function db_cache_value($dbq, $dbh, $key) > -{ > - global $apc_ttl; > - $bool = false; > - if(EXTENSION_LOADED_APC) { > - $ret = apc_fetch($key, $bool); > - } > - if(!$bool) { > - $result = db_query($dbq, $dbh); > - $row = mysql_fetch_row($result); > - $ret = $row[0]; > - if (EXTENSION_LOADED_APC) { > - apc_store($key, $ret, $apc_ttl); > - } > - } > - return $ret; > -} > - > function updates_table($dbh) > { > - global $apc_prefix, $apc_ttl; > - $key = $apc_prefix . 'recent_updates'; > - if(!(EXTENSION_LOADED_APC && ($newest_packages = apc_fetch($key)))) { > + $key = 'recent_updates'; > + if(!($newest_packages = get_cache_value($key))) { Any reason to use an additional variable for the key here? > $q = 'SELECT * FROM Packages ORDER BY ModifiedTS DESC LIMIT 10'; > $result = db_query($q, $dbh); 
> > @@ -43,26 +13,23 @@ function updates_table($dbh) > while ($row = mysql_fetch_assoc($result)) { > $newest_packages->append($row); > } > - if (EXTENSION_LOADED_APC) { > - apc_store($key, $newest_packages, $apc_ttl); > - } > + set_cache_value($key, $newest_packages); Looks like you introduced a whitespace mistake here. > } > include('stats/updates_table.php'); > } > > function user_table($user, $dbh) > { > - global $apc_prefix; > $escuser = mysql_real_escape_string($user); > $base_q = "SELECT count(*) FROM Packages,Users WHERE Packages.MaintainerUID = Users.ID AND Users.Username='" . $escuser . "'"; > > $maintainer_unsupported_count = db_cache_value($base_q, $dbh, > - $apc_prefix . 'user_unsupported_count:' . $escuser); > + 'user_unsupported_count:' . $escuser); > > $q = "SELECT count(*) FROM Packages,Users WHERE Packages.OutOfDateTS IS NOT NULL AND Packages.MaintainerUID = Users.ID AND Users.Username='" . $escuser . "'"; > > $flagged_outdated = db_cache_value($q, $dbh, > - $apc_prefix . 'user_flagged_outdated:' . $escuser); > + 'user_flagged_outdated:' . $escuser); > > # If the user is a TU calculate the number of the packages > $atype = account_from_sid($_COOKIE["AURSID"]); 
> @@ -72,35 +39,33 @@ function user_table($user, $dbh) > > function general_stats_table($dbh) > { > - global $apc_prefix; > # AUR statistics > $q = "SELECT count(*) FROM Packages"; > - $unsupported_count = db_cache_value($q, $dbh, $apc_prefix . 'unsupported_count'); > + $unsupported_count = db_cache_value($q, $dbh, 'unsupported_count'); > > $q = "SELECT count(*) FROM Packages WHERE MaintainerUID IS NULL"; > - $orphan_count = db_cache_value($q, $dbh, $apc_prefix . 'orphan_count'); > + $orphan_count = db_cache_value($q, $dbh, 'orphan_count'); > > $q = "SELECT count(*) FROM Users"; > - $user_count = db_cache_value($q, $dbh, $apc_prefix . 'user_count'); > + $user_count = db_cache_value($q, $dbh, 'user_count'); > > $q = "SELECT count(*) FROM Users,AccountTypes WHERE Users.AccountTypeID = AccountTypes.ID AND AccountTypes.AccountType = 'Trusted User'"; > - $tu_count = db_cache_value($q, $dbh, $apc_prefix . 'tu_count'); > + $tu_count = db_cache_value($q, $dbh, 'tu_count'); > > $targstamp = intval(strtotime("-7 days")); > $yearstamp = intval(strtotime("-1 year")); > > $q = "SELECT count(*) FROM Packages WHERE Packages.ModifiedTS >= $targstamp AND Packages.ModifiedTS = Packages.SubmittedTS"; > - $add_count = db_cache_value($q, $dbh, $apc_prefix . 'add_count'); > + $add_count = db_cache_value($q, $dbh, 'add_count'); > > $q = "SELECT count(*) FROM Packages WHERE Packages.ModifiedTS >= $targstamp AND Packages.ModifiedTS != Packages.SubmittedTS"; > - $update_count = db_cache_value($q, $dbh, $apc_prefix . 'update_count'); > + $update_count = db_cache_value($q, $dbh, 'update_count'); > > $q = "SELECT count(*) FROM Packages WHERE Packages.ModifiedTS >= $yearstamp AND Packages.ModifiedTS != Packages.SubmittedTS"; > - $update_year_count = db_cache_value($q, $dbh, $apc_prefix . 
'update_year_count'); > + $update_year_count = db_cache_value($q, $dbh, 'update_year_count'); > > $q = "SELECT count(*) FROM Packages WHERE Packages.ModifiedTS = Packages.SubmittedTS"; > - $never_update_count = db_cache_value($q, $dbh, $apc_prefix . 'never_update_count'); > + $never_update_count = db_cache_value($q, $dbh, 'never_update_count'); > > include('stats/general_stats_table.php'); > } > - From elij.mx at gmail.com Sun May 29 16:59:45 2011 
From: elij.mx at gmail.com (elij) Date: Sun, 29 May 2011 13:59:45 -0700 Subject: [aur-dev] [PATCH 1/2] refactor apc code and move to aur.inc In-Reply-To: <20110529142757.GA11777@blizzard> References: <1306624630-12029-1-git-send-email-elij.mx@gmail.com> <1306624630-12029-2-git-send-email-elij.mx@gmail.com> <20110529142757.GA11777@blizzard> Message-ID: On Sun, May 29, 2011 at 7:27 AM, Lukas Fleischer wrote: > On Sat, May 28, 2011 at 04:17:09PM -0700, elij wrote: >> + ? ?if(EXTENSION_LOADED_APC) { >> + ? ? ? ?$ret = apc_fetch(APC_PREFIX.$key, $status); >> + ? ? ? ?if ($status) { >> + ? ? ? ? ? ?return $ret; >> + ? ? ? ?} >> + ? ?} >> + ? ?return $status; >> +} > > I'd prefer to change get_cache_value()'s signature to return the status > indicator and pass the actual result by reference. That way, it could be > used as follows: > > ---- > if (get_cache_value('foo', $foo)) { > ?do_something $foo > } > ---- > > That just feels much more common and convenient. Any objections? That seems a bit unconventional, considering the existing codebase and common php practices. While it might make for the occasional nice conditional-if test, I think it is more of a leaky abstraction than the existing method. I made an attempt to match the api signature for apc_fetch and memcache::get, so that I had to change as little calling code as possible (while making the api somewhat expected). The version as written behaves like the existing apc_fetch: http://www.php.net/manual/en/function.apc-fetch.php And purposefully similarly to memcache::get (if no bool reference is passed in to get_cache_value): http://us.php.net/manual/en/memcache.get.php Memcache::get returns false on failure, which can be problematic if a falsey value was stored in memcache, and you were trying to get it out (and test that retrieval succeeded). Passing a bool by reference fixes that case. 
You _can_ use a convention like this: if(!($foo = get_cache_value('bar'))) { // do stuff } As get_cache_value on failure *also* returns a falsey value, but this runs into the memcache api problem of what happens if you want to retrieve a falsey value. If you know that either you never store a falsey value for that key, or if your conditional test is appropriate assuming a falsey value stored (eg. if the condition is false due to failure or retrieval of a falseyness, the expected behavior is the same), then that convention works fine. Passing a data container by reference (your suggestion) would also work fine, but I don't see that very often in practice. I am probably not very current on php conventions though, and I am using the php documentation as a reference for 'best practices for api signatures'. Which may be a fools errand to some extent. ;) Do you make use of the 'pass data container by reference' convention regularly, or see it commonly used? >> ?function updates_table($dbh) >> ?{ >> - ? ? global $apc_prefix, $apc_ttl; >> - ? ? $key = $apc_prefix . 'recent_updates'; >> - ? ? if(!(EXTENSION_LOADED_APC && ($newest_packages = apc_fetch($key)))) { >> + ? ? $key = 'recent_updates'; >> + ? ? if(!($newest_packages = get_cache_value($key))) { > > Any reason to use an additional variable for the key here? Nope. That was just how it was, and I missed changing it to inline. Note the diff. >> ? ? ? ? ? ? ? $q = 'SELECT * FROM Packages ORDER BY ModifiedTS DESC LIMIT 10'; >> ? ? ? ? ? ? ? $result = db_query($q, $dbh); 
>> >> @@ -43,26 +13,23 @@ function updates_table($dbh) >> ? ? ? ? ? ? ? while ($row = mysql_fetch_assoc($result)) { >> ? ? ? ? ? ? ? ? ? ? ? $newest_packages->append($row); >> ? ? ? ? ? ? ? } >> - ? ? ? ? ? ? if (EXTENSION_LOADED_APC) { >> - ? ? ? ? ? ? ? ? ? ? apc_store($key, $newest_packages, $apc_ttl); >> - ? ? ? ? ? ? } >> + ? ? ? ?set_cache_value($key, $newest_packages); > > Looks like you introduced a whitespace mistake here. Ah yes. I have vim set to use tabs on php files, but the inc files do not end in php... :/ Which as an aside is not a good practice. If for some reason there was a server configuration error, the inc files would be served up as plain text. It is best practice to have config files (such as config.inc) end in .php so they will be rendered in the off chance the file is exposed. The include files should probably be renamed. I can fix this one line of whitespace and resubmit if desired. From elij.mx at gmail.com Sun May 29 17:10:46 2011 
From: elij.mx at gmail.com (elij) Date: Sun, 29 May 2011 14:10:46 -0700 Subject: [aur-dev] [PATCH 1/2] refactor apc code and move to aur.inc In-Reply-To: References: <1306624630-12029-1-git-send-email-elij.mx@gmail.com> <1306624630-12029-2-git-send-email-elij.mx@gmail.com> <20110529142757.GA11777@blizzard> Message-ID: On Sun, May 29, 2011 at 1:59 PM, elij wrote: > On Sun, May 29, 2011 at 7:27 AM, Lukas Fleischer > wrote: >> On Sat, May 28, 2011 at 04:17:09PM -0700, elij wrote: >>> + ? ?if(EXTENSION_LOADED_APC) { >>> + ? ? ? ?$ret = apc_fetch(APC_PREFIX.$key, $status); >>> + ? ? ? ?if ($status) { >>> + ? ? ? ? ? ?return $ret; >>> + ? ? ? ?} >>> + ? ?} >>> + ? ?return $status; >>> +} >> >> I'd prefer to change get_cache_value()'s signature to return the status >> indicator and pass the actual result by reference. That way, it could be >> used as follows: >> >> ---- >> if (get_cache_value('foo', $foo)) { >> ?do_something $foo >> } >> ---- >> >> That just feels much more common and convenient. Any objections? > > That seems a bit unconventional, considering the existing codebase and > common php practices. While it might make for the occasional nice > conditional-if test, I think it is more of a leaky abstraction than > the existing method. > > I made an attempt to match the api signature for apc_fetch and > memcache::get, so that I had to change as little calling code as > possible (while making the api somewhat expected). > > The version as written behaves like the existing apc_fetch: > http://www.php.net/manual/en/function.apc-fetch.php > > And purposefully similarly to memcache::get (if no bool reference is > passed in to get_cache_value): > http://us.php.net/manual/en/memcache.get.php > > Memcache::get returns false on failure, which can be problematic if a > falsey value was stored in memcache, and you were trying to get it out > (and test that retrieval succeeded). Passing a bool by reference fixes > that case. > > You _can_ use a convention like this: > > ? 
?if(!($foo = get_cache_value('bar'))) { > ? ? ?// do stuff > ? ?} > > As get_cache_value on failure *also* returns a falsey value, but this > runs into the memcache api problem of what happens if you want to > retrieve a falsey value. If you know that either you never store a > falsey value for that key, or if your conditional test is appropriate > assuming a falsey value stored (eg. if the condition is false due to > failure or retrieval of a falseyness, the expected behavior is the > same), then that convention works fine. > > Passing a data container by reference (your suggestion) would also > work fine, but I don't see that very often in practice. I am probably > not very current on php conventions though, and I am using the php > documentation as a reference for 'best practices for api signatures'. > Which may be a fools errand to some extent. ;) > > Do you make use of the 'pass data container by reference' convention > regularly, or see it commonly used? > >>> ?function updates_table($dbh) >>> ?{ >>> - ? ? global $apc_prefix, $apc_ttl; >>> - ? ? $key = $apc_prefix . 'recent_updates'; >>> - ? ? if(!(EXTENSION_LOADED_APC && ($newest_packages = apc_fetch($key)))) { >>> + ? ? $key = 'recent_updates'; >>> + ? ? if(!($newest_packages = get_cache_value($key))) { >> >> Any reason to use an additional variable for the key here? > > Nope. That was just how it was, and I missed changing it to inline. > Note the diff. Actually, I just looked at the file, and the key is used twice (slightly later in the same function). At the time I probably thought it was better to have a variable than multiple instances of the same string. >>> ? ? ? ? ? ? ? $q = 'SELECT * FROM Packages ORDER BY ModifiedTS DESC LIMIT 10'; >>> ? ? ? ? ? ? ? $result = db_query($q, $dbh); 
>>> >>> @@ -43,26 +13,23 @@ function updates_table($dbh) >>> ? ? ? ? ? ? ? while ($row = mysql_fetch_assoc($result)) { >>> ? ? ? ? ? ? ? ? ? ? ? $newest_packages->append($row); >>> ? ? ? ? ? ? ? } >>> - ? ? ? ? ? ? if (EXTENSION_LOADED_APC) { >>> - ? ? ? ? ? ? ? ? ? ? apc_store($key, $newest_packages, $apc_ttl); >>> - ? ? ? ? ? ? } >>> + ? ? ? ?set_cache_value($key, $newest_packages); >> >> Looks like you introduced a whitespace mistake here. > > Ah yes. I have vim set to use tabs on php files, but the inc files do > not end in php... ?:/ > Which as an aside is not a good practice. If for some reason there was > a server configuration error, the inc files would be served up as > plain text. It is best practice to have config files (such as > config.inc) end in .php so they will be rendered in the off chance the > file is exposed. The include files should probably be renamed. > > I can fix this one line of whitespace and resubmit if desired. > From elij.mx at gmail.com Sun May 29 17:13:29 2011 From: elij.mx at gmail.com (elij) Date: Sun, 29 May 2011 14:13:29 -0700 Subject: [aur-dev] [PATCH 3/3] retab (spaces to tabs) and reformat In-Reply-To: <1306624630-12029-1-git-send-email-elij.mx@gmail.com> References: <1306624630-12029-1-git-send-email-elij.mx@gmail.com> Message-ID: <1306703609-23519-1-git-send-email-elij.mx@gmail.com> --- web/lib/aur.inc | 60 ++++++++++++++++++++++++++-------------------------- web/lib/stats.inc | 2 +- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/web/lib/aur.inc b/web/lib/aur.inc index 2b78c99..c31c3e9 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc 
@@ -16,8 +16,8 @@ include_once("acctfuncs.inc"); # Check if APC extension is loaded, and set cache prefix if it is if (!defined('EXTENSION_LOADED_APC')) { - define('EXTENSION_LOADED_APC', extension_loaded('apc')); - define('APC_PREFIX', 'aur:'); + define('EXTENSION_LOADED_APC', extension_loaded('apc')); + define('APC_PREFIX', 'aur:'); } # see if the visitor is already logged in @@ -268,11 +268,11 @@ function db_query($query="", $db_handle="") { # effectively a no-op (return value is false) # accepts an optional TTL (defaults to 600 seconds) function set_cache_value($key, $value, $ttl=600) { - $status = false; - if (EXTENSION_LOADED_APC) { - $status = apc_store(APC_PREFIX.$key, $value, $ttl); - } - return $status; + $status = false; + if (EXTENSION_LOADED_APC) { + $status = apc_store(APC_PREFIX.$key, $value, $ttl); + } + return $status; } # get a value from the cache (currently apc) if cache 
@@ -282,28 +282,28 @@ function set_cache_value($key, $value, $ttl=600) { # for testing the fetch result appropriately even in the event # that a 'false' value was the value in the cache. function get_cache_value($key, &$status=false) { - if(EXTENSION_LOADED_APC) { - $ret = apc_fetch(APC_PREFIX.$key, $status); - if ($status) { - return $ret; - } - } - return $status; + if(EXTENSION_LOADED_APC) { + $ret = apc_fetch(APC_PREFIX.$key, $status); + if ($status) { + return $ret; + } + } + return $status; } # run a simple db query, retrieving and/or caching the value if APC # is available for use # accepts an optioanal TTL value (defaults to 600 seconds) function db_cache_value($dbq, $dbh, $key, $ttl=600) { - $status = false; - $value = get_cache_value($key, $status); - if (!$status) { - $result = db_query($dbq, $dbh); - $row = mysql_fetch_row($result); - $value = $row[0]; - set_cache_value($key, $value, $ttl); - } - return $value; + $status = false; + $value = get_cache_value($key, $status); + if (!$status) { + $result = db_query($dbq, $dbh); + $row = mysql_fetch_row($result); + $value = $row[0]; + set_cache_value($key, $value, $ttl); + } + return $value; } # set up the visitor's language @@ -540,12 +540,12 @@ function get_salt($user_id) { $dbh = db_connect(); $salt_q = "SELECT Salt FROM Users WHERE ID = " . $user_id; - $result = db_query($salt_q, $dbh); - if ($result) { - $salt_row = mysql_fetch_row($result); - return $salt_row[0]; - } - return; + $result = db_query($salt_q, $dbh); + if ($result) { + $salt_row = mysql_fetch_row($result); + return $salt_row[0]; + } + return; } function save_salt($user_id, $passwd) @@ -584,7 +584,7 @@ function parse_comment($comment) if ($i % 2) { # convert links $html .= '' . htmlspecialchars($matches[$i]) . ''; + '">' . htmlspecialchars($matches[$i]) . ''; } else { # convert everything else diff --git a/web/lib/stats.inc b/web/lib/stats.inc index 29ba0bb..67fbdca 100644 --- a/web/lib/stats.inc +++ b/web/lib/stats.inc 
@@ -13,7 +13,7 @@ function updates_table($dbh) while ($row = mysql_fetch_assoc($result)) { $newest_packages->append($row); } - set_cache_value($key, $newest_packages); + set_cache_value($key, $newest_packages); } include('stats/updates_table.php'); } -- 1.7.2.5 From elij.mx at gmail.com Sun May 29 17:33:37 2011 From: elij.mx at gmail.com (elij) Date: Sun, 29 May 2011 14:33:37 -0700 Subject: [aur-dev] [PATCH 1/1] rename *.inc files to *.inc.php and adjust imports and references Message-ID: <1306704817-23825-1-git-send-email-elij.mx@gmail.com> --- .gitignore | 1 + TRANSLATING | 2 +- web/README | 4 ++-- web/html/account.php | 4 ++-- web/html/addvote.php | 2 +- web/html/index.php | 4 ++-- web/html/logout.php | 4 ++-- web/html/packages.php | 8 ++++---- web/html/passreset.php | 2 +- web/html/pkgsubmit.php | 6 +++--- web/html/rss.php | 2 +- web/html/tu.php | 2 +- web/html/voters.php | 4 ++-- web/lib/{acctfuncs.inc => acctfuncs.inc.php} | 0 web/lib/{aur.inc => aur.inc.php} | 8 ++++---- web/lib/aurjson.class.php | 2 +- web/lib/{config.inc.proto => config.inc.php.proto} | 0 web/lib/{pkgfuncs.inc => pkgfuncs.inc.php} | 2 +- web/lib/{stats.inc => stats.inc.php} | 2 +- web/lib/{translator.inc => translator.inc.php} | 2 +- web/lib/{version.inc => version.inc.php} | 0 web/template/pkg_search_form.php | 2 +- web/template/template.phps | 4 ++-- 23 files changed, 34 insertions(+), 33 deletions(-) rename web/lib/{acctfuncs.inc => acctfuncs.inc.php} (100%) rename web/lib/{aur.inc => aur.inc.php} (99%) rename web/lib/{config.inc.proto => config.inc.php.proto} (100%) rename web/lib/{pkgfuncs.inc => pkgfuncs.inc.php} (99%) rename web/lib/{stats.inc => stats.inc.php} (98%) rename web/lib/{translator.inc => translator.inc.php} (97%) rename web/lib/{version.inc => version.inc.php} (100%) diff --git a/.gitignore b/.gitignore index b1fb977..11e9b7e 100644 --- a/.gitignore +++ b/.gitignore 
@@ -2,6 +2,7 @@ robots.txt *.swp web/lib/config.inc +web/lib/config.inc.php *.DS_Store web/html/xml/*.xml dummy-data.sql* diff --git a/TRANSLATING b/TRANSLATING index 56b3383..d8f1bd4 100644 --- a/TRANSLATING +++ b/TRANSLATING @@ -38,7 +38,7 @@ $ msginit -l -o .po -i aur.pot $ poedit .po 5. If you have a working AUR setup, add a line for the new translation in - "web/lib/config.inc.proto" and test if everything looks right. + "web/lib/config.inc.php.proto" and test if everything looks right. 6. Upload the newly created ".po" file to Transifex. If you don't like the web interface, you can also use transifex-client to do that (see below). diff --git a/web/README b/web/README index 9bd3ecb..b8d1b72 100644 --- a/web/README +++ b/web/README @@ -97,9 +97,9 @@ Setup on Arch Linux: can insert garbage addresses with: mysql> UPDATE Users SET Email = RAND() * RAND(); -7) Copy the config.inc.proto file to config.inc. Modify as needed. +7) Copy the config.inc.php.proto file to config.inc.php. Modify as needed. # cd ~/aur/web/lib/ - # cp config.inc.proto config.inc + # cp config.inc.php.proto config.inc.php 8) Point your browser to http://aur diff --git a/web/html/account.php b/web/html/account.php index afb0d7c..ca05d1a 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -2,8 +2,8 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include_once('aur.inc'); # access AUR common functions -include_once('acctfuncs.inc'); # access Account specific functions +include_once('aur.inc.php'); # access AUR common functions +include_once('acctfuncs.inc.php'); # access Account specific functions set_lang(); # this sets up the visitor's language check_sid(); # see if they're still logged in diff --git a/web/html/addvote.php b/web/html/addvote.php index a459610..fe3037d 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php 
@@ -2,7 +2,7 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include_once("aur.inc"); +include_once("aur.inc.php"); set_lang(); check_sid(); html_header(); diff --git a/web/html/index.php b/web/html/index.php index 33c39eb..ffc5f00 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -2,11 +2,11 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include_once("aur.inc"); +include_once("aur.inc.php"); set_lang(); check_sid(); -include_once('stats.inc'); +include_once('stats.inc.php'); html_header( __("Home") ); diff --git a/web/html/logout.php b/web/html/logout.php index 95cf460..dee6456 100644 --- a/web/html/logout.php +++ b/web/html/logout.php @@ -2,8 +2,8 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include_once("aur.inc"); # access AUR common functions -include_once("acctfuncs.inc"); # access AUR common functions +include_once("aur.inc.php"); # access AUR common functions +include_once("acctfuncs.inc.php"); # access AUR common functions # if they've got a cookie, log them out - need to do this before diff --git a/web/html/packages.php b/web/html/packages.php index abc6637..4a1fa88 100644 --- a/web/html/packages.php +++ b/web/html/packages.php @@ -2,10 +2,10 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include_once("aur.inc"); # access AUR common functions -set_lang(); # this sets up the visitor's language -include_once('pkgfuncs.inc'); # package specific functions -check_sid(); # see if they're still logged in +include_once("aur.inc.php"); # access AUR common functions +set_lang(); # this sets up the visitor's language +include_once('pkgfuncs.inc.php'); # package specific functions +check_sid(); # see if they're still logged in # Set the title to the current query if required if (isset($_GET['ID']) && ($pkgname = pkgname_from_id($_GET['ID']))) { diff --git a/web/html/passreset.php b/web/html/passreset.php index 0ce6f7d..ed5d4d3 100644 --- a/web/html/passreset.php 
+++ b/web/html/passreset.php @@ -2,7 +2,7 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include_once("aur.inc"); # access AUR common functions +include_once("aur.inc.php"); # access AUR common functions set_lang(); # this sets up the visitor's language check_sid(); # see if they're still logged in diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 26608ea..b5fe3b7 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -1,12 +1,12 @@ ", ""); -include_once('config.inc'); +include_once('config.inc.php'); include_once('gettext.php'); include_once('streams.php'); diff --git a/web/lib/version.inc b/web/lib/version.inc.php similarity index 100% rename from web/lib/version.inc rename to web/lib/version.inc.php diff --git a/web/template/pkg_search_form.php b/web/template/pkg_search_form.php index 281cdc3..53d34fe 100644 --- a/web/template/pkg_search_form.php +++ b/web/template/pkg_search_form.php @@ -1,4 +1,4 @@ - +
      diff --git a/web/template/template.phps b/web/template/template.phps index 591a03c..841277b 100644 --- a/web/template/template.phps +++ b/web/template/template.phps @@ -4,14 +4,14 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib'); -include("aur.inc"); # access AUR common functions +include("aur.inc.php"); # access AUR common functions set_lang(); # this sets up the visitor's language check_sid(); # see if they're still logged in html_header(); # print out the HTML header # Any text you print out to the visitor, use the __() function -# for i18n support. See web/lib/translator.inc for more info. +# for i18n support. See web/lib/translator.inc.php for more info. # print __("Hi, this is worth reading!")."
      \n"; -- 1.7.2.5 From elij.mx at gmail.com Sun May 29 19:27:55 2011 From: elij.mx at gmail.com (elij) Date: Sun, 29 May 2011 16:27:55 -0700 Subject: [aur-dev] =?utf-8?q?=5BPATCH_1/1=5D_Make_cache_type_selectable_ba?= =?utf-8?q?sed_on_config_value?= Message-ID: <1306711675-24462-1-git-send-email-elij.mx@gmail.com> Provie a mechanism to specify cache type from NONE, APC, or MEMCACHE based on a config variable. If MEMCACHE type is selected, a list of servers can be specified to provide multiserver support. Note that php-memcaced is required for MEMCACHE support. --- web/lib/aur.inc.php | 49 +----------------------- web/lib/cachefuncs.inc.php | 85 ++++++++++++++++++++++++++++++++++++++++++ web/lib/config.inc.php.proto | 10 +++++ 3 files changed, 96 insertions(+), 48 deletions(-) create mode 100644 web/lib/cachefuncs.inc.php diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 7cf43e6..e65677d 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -13,12 +13,7 @@ set_lang(); include_once("config.inc.php"); include_once("version.inc.php"); include_once("acctfuncs.inc.php"); - -# Check if APC extension is loaded, and set cache prefix if it is -if (!defined('EXTENSION_LOADED_APC')) { - define('EXTENSION_LOADED_APC', extension_loaded('apc')); - define('APC_PREFIX', 'aur:'); -} +include_once("cachefuncs.inc.php"); # see if the visitor is already logged in # 
@@ -263,48 +258,6 @@ function db_query($query="", $db_handle="") { return $result; } -# set a value in the cache (currently apc) if cache -# is available for use. if not available, this becomes -# effectively a no-op (return value is false) -# accepts an optional TTL (defaults to 600 seconds) -function set_cache_value($key, $value, $ttl=600) { - $status = false; - if (EXTENSION_LOADED_APC) { - $status = apc_store(APC_PREFIX.$key, $value, $ttl); - } - return $status; -} - -# get a value from the cache (currently apc) if cache -# is available for use. if not available, this -# returns false (optionally sets passed in variable $status -# to false, much like apc_fetch behaves). this allows -# for testing the fetch result appropriately even in the event -# that a 'false' value was the value in the cache. -function get_cache_value($key, &$status=false) { - if(EXTENSION_LOADED_APC) { - $ret = apc_fetch(APC_PREFIX.$key, $status); - if ($status) { - return $ret; - } - } - return $status; -} - -# run a simple db query, retrieving and/or caching the value if APC -# is available for use -# accepts an optioanal TTL value (defaults to 600 seconds) -function db_cache_value($dbq, $dbh, $key, $ttl=600) { - $status = false; - $value = get_cache_value($key, $status); - if (!$status) { - $result = db_query($dbq, $dbh); - $row = mysql_fetch_row($result); - $value = $row[0]; - set_cache_value($key, $value, $ttl); - } - return $value; -} # set up the visitor's language # diff --git a/web/lib/cachefuncs.inc.php b/web/lib/cachefuncs.inc.php new file mode 100644 index 0000000..8e32370 --- /dev/null +++ b/web/lib/cachefuncs.inc.php 
@@ -0,0 +1,85 @@ +addServer($mcserver[0], intval($mcserver[1])); + } +} + +# set a value in the cache (currently apc) if cache +# is available for use. if not available, this becomes +# effectively a no-op (return value is false) +# accepts an optional TTL (defaults to 600 seconds) +function set_cache_value($key, $value, $ttl=600) { + $status = false; + if (defined('EXTENSION_LOADED_APC')) { + $status = apc_store(CACHE_PREFIX.$key, $value, $ttl); + } + if (defined('EXTENSION_LOADED_MEMCACHE')) { + global $memcache; + $status = $memcache->set(CACHE_PREFIX.$key, $value, $ttl); + } + return $status; +} + +# get a value from the cache (currently apc) if cache +# is available for use. if not available, this +# returns false (optionally sets passed in variable $status +# to false, much like apc_fetch behaves). this allows +# for testing the fetch result appropriately even in the event +# that a 'false' value was the value in the cache. +function get_cache_value($key, &$status=false) { + if(defined('EXTENSION_LOADED_APC')) { + $ret = apc_fetch(CACHE_PREFIX.$key, $status); + if ($status) { + return $ret; + } + } + if (defined('EXTENSION_LOADED_MEMCACHE')) { + global $memcache; + $ret = $memcache->get(CACHE_PREFIX.$key); + if (!$ret) { + $status = false; + } + else { + $status = true; + } + return $ret; + } + return $status; +} + +# run a simple db query, retrieving and/or caching the value if APC +# is available for use +# accepts an optioanal TTL value (defaults to 600 seconds) +function db_cache_value($dbq, $dbh, $key, $ttl=600) { + $status = false; + $value = get_cache_value($key, $status); + if (!$status) { + $result = db_query($dbq, $dbh); + $row = mysql_fetch_row($result); + $value = $row[0]; + set_cache_value($key, $value, $ttl); + } + return $value; +} + +?> diff --git a/web/lib/config.inc.php.proto b/web/lib/config.inc.php.proto index 43c64d2..5351a4a 100644 --- a/web/lib/config.inc.php.proto +++ b/web/lib/config.inc.php.proto 
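Review bot: In `get_cache_value()` the memcache branch detects a miss with `if (!$ret)`, so a stored `0`, `''` or `false` — and the stats counters this helper serves can legitimately be `0` — is reported as a miss and the query re-runs on every request, contradicting the header comment that promises `$status` distinguishes a cached false from a miss. With php-memcached the result code gives the answer: `$ret = $memcache->get(CACHE_PREFIX.$key); $status = ($memcache->getResultCode() === Memcached::RES_SUCCESS); return $status ? $ret : false;`. Both backends are also selected with `defined()` rather than a value, so if the setup code at the top of the file (garbled in this copy, so I cannot confirm) ever defines both constants, an APC miss falls through into the memcache branch and calls `->get()` on a `$memcache` that was never created; choosing one backend from `CACHE_TYPE` with an `elseif` would rule that out.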
@@ -24,6 +24,16 @@ define("DEFAULT_LANG", "en"); # development. Should not be enabled in production. Default to 0 (off). define("SQL_DEBUG", 0); +# set cache type. Either "APC", "MEMCACHE", or "NONE" +# defaults to NONE +# +#define("CACHE_TYPE", "APC"); +#define("CACHE_TYPE", "MEMCACHE"); +# if using memcache cache_type, list servers. you can separate multiple +# servers with a comma, ex: '127.0.0.1:11211,127.0.0.1:11212' +# if undefined, defaults to '127.0.0.1:11211' +#define("MEMCACHE_SERVERS", '127.0.0.1:11211'); + # Languages we have translations for $SUPPORTED_LANGS = array( "ca" => "Catal?", -- 1.7.2.5
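Review bot: The new `MEMCACHE_SERVERS` comment should warn that memcached speaks an unauthenticated protocol: anything that can reach the listed port can read and overwrite every cached value, including the stats and RSS output this site serves to all visitors, so the servers must sit on loopback or a firewalled private network, never on an interface reachable from the internet. Suggested lines above the define: `# memcached has no authentication: list only servers on loopback or a` / `# private, firewalled network, never one reachable from the internet.` The example value `127.0.0.1:11211` already models this; the comment only needs to say why.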