external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

aurjson: Do not search by ID when argument is numeric

Browse source 
When performing info or multiinfo queries, one can currently either pass
package names or package IDs as parameters. As a consequence, it is
impossible to search for packages with a numeric package name because
numeric arguments are always treated as IDs. Since package IDs are not
public anymore these days, simply remove the possibility to search by ID
in revision 5 of the RPC interface.

Fixes FS#47324.

Suggested-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This commit is contained in:
Lukas Fleischer 2015-12-12 17:35:29 +01:00
parent 8f870cc5f4
commit 1f179c9fbc
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
web/lib/aurjson.class.php
View file

@ -346,7 +346,7 @@ class AurJSON {
if (!$arg) {
continue;
}
if (is_numeric($arg)) {
if ($this->version < 5 && is_numeric($arg)) {
$id_args[] = intval($arg);
} else {
$name_args[] = $this->dbh->quote($arg);
@ -405,7 +405,7 @@ class AurJSON {
*/
private function info($http_data) {
$pqdata = $http_data['arg'];
if (is_numeric($pqdata)) {
if ($this->version < 5 && is_numeric($pqdata)) {
$where_condition = "Packages.ID = $pqdata";
} else {
$where_condition = "Packages.Name = " . $this->dbh->quote($pqdata);