This is a bit hacky patch to make links in AUR comments clickable (fixes
FS#20137 [1]). Huge parts of this code are ripped from the DokuWiki
plugin that is also used in Flyspray.
I didn't have any time to test it extensively so I'd suggest to do some
more tests if this will be commited.
[1] https
---
web/lang/fr.po |8
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/web/lang/fr.po b/web/lang/fr.po
index 5728947..596f4af 100644
--- a/web/lang/fr.po
+++ b/web/lang/fr.po
@@ -43,7 +43,7 @@ $_t["Account Suspended"] = "Compte Suspendu";
$_t["Status"] = "Etat";
-$
On 09/30/2010 05:22 PM, Lukas Fleischer wrote:
This is a bit hacky patch to make links in AUR comments clickable (fixes
FS#20137 [1]). Huge parts of this code are ripped from the DokuWiki
plugin that is also used in Flyspray.
I didn't have any time to test it extensively so I'd suggest to do som
---
UPGRADING |4
support/schema/aur-schema.sql |1 +
web/lang/cs.po|2 +-
web/lang/de.po|2 +-
web/lang/el_GR.po |2 +-
web/lang/fr.po|2 +-
web/lang/he.po|2 +-
web/la
On Thu, Sep 30, 2010 at 06:18:24PM +0200, PyroPeter wrote:
> >+ $url = str_replace('&','&', $url);
> >+ $url = str_replace('&', '&', $url);
>
> What about the occurrences of "&(html-entity-code-here);" you
> produced the line before?
Nothing? Any occurrence of an HTML entity code is correct
when we gonna see the AUR-gets update?
adding all the fixes.. new translations and the other commites?
On Thu, Sep 30, 2010 at 07:28:21PM +0200, Netanel Shine wrote:
> when we gonna see the AUR-gets update?
>
> adding all the fixes.. new translations and the other commites?
The AUR has been updated just about a week ago :) It's now on 1.7.0.
still not for RTL for the HEBREW language, i think that someone release a patch
for that.
- Original Message -
From: "Lukas Fleischer"
To: "Arch User Repository (AUR) Development"
Sent: Thursday, September 30, 2010 7:27:18 PM (GMT+0200) Auto-Detected
Subject: Re: [aur-dev] AUR update
O
On Thu, Sep 30, 2010 at 8:28 PM, Netanel Shine wrote:
> when we gonna see the AUR-gets update?
>
> adding all the fixes.. new translations and the other commites?
>
What I would really like to see is if the new patches from CCR will go
through testing for AUR 1.8 :)
On Thu, Sep 30, 2010 at 08:34:52PM +0300, Panos Filip wrote:
> What I would really like to see is if the new patches from CCR will go
> through testing for AUR 1.8 :)
Erm...
http://chakra-project.org/ccr/pkgbuildview.php?pkgbuild=../../../../../etc/passwd
*sigh*
OMG!!
On Thu, Sep 30, 2010 at 11:16:55PM +0530, Gaurish Sharma wrote:
> OMG!!
I already told Manuel about this security vulnerability yesterday [1].
He didn't seem to do anyting against it yet tho.
My advice is not to include any of those patches without proper review.
[1]
http://mailman.archlinux.org
On Wed, Sep 29, 2010 at 03:35:24PM +0200, Manuel Tortosa wrote:
> > This introduces a remote file inclusion vulnerability allowing an
> > attacker to read arbitrary files since "$pkgbuild" is not validated
> > before passing it to file_get_contents().
> >
> > Don't apply this patch until everythin
On Thu, Sep 30, 2010 at 8:42 PM, Lukas Fleischer
wrote:
> On Thu, Sep 30, 2010 at 08:34:52PM +0300, Panos Filip wrote:
> > What I would really like to see is if the new patches from CCR will go
> > through testing for AUR 1.8 :)
>
> Erm...
>
> http://chakra-project.org/ccr/pkgbuildview.php?pkgbuil
On 09/30/2010 06:38 PM, Lukas Fleischer wrote:
On Thu, Sep 30, 2010 at 06:18:24PM +0200, PyroPeter wrote:
+ $url = str_replace('&','&', $url);
+ $url = str_replace('&', '&', $url);
What about the occurrences of "&(html-entity-code-here);" you
produced the line before?
Nothing? Any occu
On Thursday 30 September 2010 19:51:12 Lukas Fleischer wrote:
> On Thu, Sep 30, 2010 at 11:16:55PM +0530, Gaurish Sharma wrote:
> > OMG!!
>
> I already told Manuel about this security vulnerability yesterday [1].
> He didn't seem to do anyting against it yet tho.
>
> My advice is not to include a
On 09/30/2010 09:34 PM, Manuel Tortosa wrote:
On Thursday 30 September 2010 19:51:12 Lukas Fleischer wrote:
On Thu, Sep 30, 2010 at 11:16:55PM +0530, Gaurish Sharma wrote:
OMG!!
I already told Manuel about this security vulnerability yesterday [1].
He didn't seem to do anyting against it yet
On Thu, Sep 30, 2010 at 08:56:56PM +0200, PyroPeter wrote:
> Well, but you are encoding existing entities, that are not "&" as
> "&foo;". See the example below.
Yep, and that's how it's supposed to be. There shouldn't be any entities
that users put in the comments and that are not encoded.
> I se
18 matches
Mail list logo
