Return 404 for invalid account/package subpages

Display an error page and return a 404 status code in the following
cases:

* An invalid package name is passed to the "packages" action.
* An invalid user name is passed to the "account" action.
* An invalid package action is passed.
* An invalid account action is passed.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Lukas Fleischer 2012-10-30 14:27:11 +01:00
parent 9fd4845d16
commit 69e2d1dcff


@ -7,15 +7,21 @@ include_once("pkgfuncs.inc.php");
$path = $_SERVER['PATH_INFO']; $path = $_SERVER['PATH_INFO'];
$tokens = explode('/', $path); $tokens = explode('/', $path);
if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { if (!empty($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
if (isset($tokens[2])) { if (!empty($tokens[2])) {
/* TODO: Create a proper data structure to pass variables from /* TODO: Create a proper data structure to pass variables from
* the routing framework to the individual pages instead of * the routing framework to the individual pages instead of
* initializing arbitrary variables here. */ * initializing arbitrary variables here. */
$pkgname = $tokens[2]; $pkgname = $tokens[2];
$pkgid = pkgid_from_name($pkgname); $pkgid = pkgid_from_name($pkgname);
if (isset($tokens[3])) { if (!$pkgid) {
header("HTTP/1.0 404 Not Found");
include "./404.php";
return;
}
if (!empty($tokens[3])) {
if ($tokens[3] == 'voters') { if ($tokens[3] == 'voters') {
$_GET['ID'] = pkgid_from_name($tokens[2]); $_GET['ID'] = pkgid_from_name($tokens[2]);
include('voters.php'); include('voters.php');
@ -49,6 +55,10 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
case "merge": case "merge":
include('pkgmerge.php'); include('pkgmerge.php');
return; return;
default:
header("HTTP/1.0 404 Not Found");
include "./404.php";
return;
} }
if (isset($_COOKIE['AURSID'])) { if (isset($_COOKIE['AURSID'])) {
@ -60,17 +70,25 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
} }
include get_route('/' . $tokens[1]); include get_route('/' . $tokens[1]);
} elseif (isset($tokens[1]) && '/' . $tokens[1] == get_user_route()) { } elseif (!empty($tokens[1]) && '/' . $tokens[1] == get_user_route()) {
if (isset($tokens[2])) { if (!empty($tokens[2])) {
$_REQUEST['U'] = $tokens[2]; $_REQUEST['ID'] = uid_from_username($tokens[2]);
if (isset($tokens[3])) { if (!$_REQUEST['ID']) {
header("HTTP/1.0 404 Not Found");
include "./404.php";
return;
}
if (!empty($tokens[3])) {
if ($tokens[3] == 'edit') { if ($tokens[3] == 'edit') {
$_REQUEST['Action'] = "DisplayAccount"; $_REQUEST['Action'] = "DisplayAccount";
} elseif ($tokens[3] == 'update') { } elseif ($tokens[3] == 'update') {
$_REQUEST['Action'] = "UpdateAccount"; $_REQUEST['Action'] = "UpdateAccount";
} else { } else {
$_REQUEST['Action'] = "AccountInfo"; header("HTTP/1.0 404 Not Found");
include "./404.php";
return;
} }
} else { } else {
$_REQUEST['Action'] = "AccountInfo"; $_REQUEST['Action'] = "AccountInfo";