external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'maint'

Browse source
This commit is contained in:
Lukas Fleischer 2014-08-11 22:50:01 +02:00
commit 49f76cd53b
7 changed files with 21 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
web/html/pkgreq.php
View file

@ -9,9 +9,17 @@ set_lang();
check_sid(); check_sid();
if (isset($base_id)) { if (isset($base_id)) {
if (!has_credential(CRED_PKGREQ_FILE)) {
header('Location: /');
exit();
}
html_header(__("File Request")); html_header(__("File Request"));
include('pkgreq_form.php'); include('pkgreq_form.php');
} elseif (isset($pkgreq_id)) { } elseif (isset($pkgreq_id)) {
if (!has_credential(CRED_PKGREQ_CLOSE)) {
header('Location: /');
exit();
}
html_header(__("Close Request")); html_header(__("Close Request"));
$pkgbase_name = pkgreq_get_pkgbase_name($pkgreq_id); $pkgbase_name = pkgreq_get_pkgbase_name($pkgreq_id);
include('pkgreq_close_form.php'); include('pkgreq_close_form.php');

6
web/html/pkgsubmit.php
View file

@ -202,7 +202,7 @@ if ($uid):
/* Validate package base name. */ /* Validate package base name. */
if (!$error) { if (!$error) {
$pkgbase_name = $pkgbase_info['pkgbase']; $pkgbase_name = $pkgbase_info['pkgbase'];
if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkgbase_name)) { if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $pkgbase_name)) {
$error = __("Invalid name: only lowercase letters are allowed."); $error = __("Invalid name: only lowercase letters are allowed.");
} }
@ -218,7 +218,7 @@ if ($uid):
/* Validate package names. */ /* Validate package names. */
$pkg_name = $pi['pkgname']; $pkg_name = $pi['pkgname'];
if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name)) { if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $pkg_name)) {
$error = __("Invalid name: only lowercase letters are allowed."); $error = __("Invalid name: only lowercase letters are allowed.");
break; break;
} }
@ -393,7 +393,7 @@ if ($uid):
* notification list. * notification list.
*/ */
if ($was_orphan) { if ($was_orphan) {
pkgbase_notify(account_from_sid($_COOKIE["AURSID"]), array($base_id), true); pkgbase_notify(array($base_id), true);
} }
end_atomic_commit(); end_atomic_commit();

2
web/lib/acctfuncs.inc.php
View file

@ -544,7 +544,7 @@ function valid_username($user) {
if (strlen($user) < USERNAME_MIN_LEN || if (strlen($user) < USERNAME_MIN_LEN ||
strlen($user) > USERNAME_MAX_LEN) { strlen($user) > USERNAME_MAX_LEN) {
return false; return false;
} else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/i", $user)) { } else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/Di", $user)) {
return false; return false;
} }

2
web/lib/aur.inc.php
View file

@ -471,7 +471,7 @@ function save_salt($user_id, $passwd) {
$hash = salted_hash($passwd, $salt); $hash = salted_hash($passwd, $salt);
$q = "UPDATE Users SET Salt = " . $dbh->quote($salt) . ", "; $q = "UPDATE Users SET Salt = " . $dbh->quote($salt) . ", ";
$q.= "Passwd = " . $dbh->quote($hash) . " WHERE ID = " . $user_id; $q.= "Passwd = " . $dbh->quote($hash) . " WHERE ID = " . $user_id;
$result = $dbh->exec($q); return $dbh->exec($q);
} }
/** /**

2
web/lib/credentials.inc.php
View file

@ -18,6 +18,7 @@ define("CRED_PKGBASE_NOTIFY", 13);
define("CRED_PKGBASE_SUBMIT_BLACKLISTED", 14); define("CRED_PKGBASE_SUBMIT_BLACKLISTED", 14);
define("CRED_PKGBASE_UNFLAG", 15); define("CRED_PKGBASE_UNFLAG", 15);
define("CRED_PKGBASE_VOTE", 16); define("CRED_PKGBASE_VOTE", 16);
define("CRED_PKGREQ_FILE", 23);
define("CRED_PKGREQ_CLOSE", 17); define("CRED_PKGREQ_CLOSE", 17);
define("CRED_PKGREQ_LIST", 18); define("CRED_PKGREQ_LIST", 18);
define("CRED_TU_ADD_VOTE", 19); define("CRED_TU_ADD_VOTE", 19);
@ -48,6 +49,7 @@ function has_credential($credential, $approved_users=array()) {
case CRED_PKGBASE_FLAG: case CRED_PKGBASE_FLAG:
case CRED_PKGBASE_NOTIFY: case CRED_PKGBASE_NOTIFY:
case CRED_PKGBASE_VOTE: case CRED_PKGBASE_VOTE:
case CRED_PKGREQ_FILE:
return ($atype == 'User' || $atype == 'Trusted User' || return ($atype == 'User' || $atype == 'Trusted User' ||
$atype == 'Developer' || $atype == 'Developer' ||
$atype == 'Trusted User & Developer'); $atype == 'Trusted User & Developer');

2
web/lib/pkgbasefuncs.inc.php
View file

@ -617,7 +617,7 @@ function pkgbase_adopt ($base_ids, $action=true, $via) {
$dbh->exec($q); $dbh->exec($q);
if ($action) { if ($action) {
pkgbase_notify(account_from_sid($_COOKIE["AURSID"]), $base_ids); pkgbase_notify($base_ids);
return array(true, __("The selected packages have been adopted.")); return array(true, __("The selected packages have been adopted."));
} else { } else {
return array(true, __("The selected packages have been disowned.")); return array(true, __("The selected packages have been disowned."));

6
web/lib/pkgreqfuncs.inc.php
View file

@ -91,7 +91,11 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
global $AUR_REQUEST_ML; global $AUR_REQUEST_ML;
global $AUTO_ORPHAN_AGE; global $AUTO_ORPHAN_AGE;
if (!empty($merge_into) && !preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $merge_into)) { if (!has_credential(CRED_PKGREQ_FILE)) {
return array(false, __("You must be logged in to file package requests."));
}
if (!empty($merge_into) && !preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $merge_into)) {
return array(false, __("Invalid name: only lowercase letters are allowed.")); return array(false, __("Invalid name: only lowercase letters are allowed."));
} }