Validate package base name when filing requests

Make sure that the package base to merge into does not contain any
invalid characters.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Lukas Fleischer 2014-07-02 07:10:13 +02:00
parent e141c6c38c
commit 06b7099357


@ -97,7 +97,12 @@ if (check_token()) {
} elseif (current_action("do_ChangeCategory")) { } elseif (current_action("do_ChangeCategory")) {
list($ret, $output) = pkgbase_change_category($base_id, $atype); list($ret, $output) = pkgbase_change_category($base_id, $atype);
} elseif (current_action("do_FileRequest")) { } elseif (current_action("do_FileRequest")) {
list($ret, $output) = pkgreq_file($ids, $_POST['type'], $_POST['merge_into'], $_POST['comments']); if (empty($_POST['merge_into']) || preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $_POST['merge_into'])) {
list($ret, $output) = pkgreq_file($ids, $_POST['type'], $_POST['merge_into'], $_POST['comments']);
} else {
$output = __("Invalid name: only lowercase letters are allowed.");
$ret = false;
}
} elseif (current_action("do_CloseRequest")) { } elseif (current_action("do_CloseRequest")) {
list($ret, $output) = pkgreq_close($_POST['reqid'], false); list($ret, $output) = pkgreq_close($_POST['reqid'], false);
} }
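Review bot: The pattern added in the `do_FileRequest` branch ends in `$`, which in PCRE also matches just before a trailing newline, so a `merge_into` value made of a valid name followed by a line feed still passes the check and is handed to `pkgreq_file()`. Anchoring the end with `\z` (or adding the `D` modifier) closes that gap: `preg_match('/^[a-z0-9][a-z0-9.+_-]*\z/', $_POST['merge_into'])`. The error text says only lowercase letters are allowed, while the character class also accepts digits and `.`, `+`, `_`, `-`, so the message should describe the actual rule. The check sits in this dispatcher rather than inside `pkgreq_file()`, so any other caller of that function would presumably skip it; the enclosing if/elseif chain starts outside the hunk, so this could not be confirmed from here.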