Be more restrictive with source tarball contents.

Reject tarballs containing more than one directory or files outside a
directory.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Lukas Fleischer 2011-03-30 20:26:13 +02:00
parent 0a625ae8ff
commit a427bd72a7


@ -59,17 +59,28 @@ if ($_COOKIE["AURSID"]):
# Extract PKGBUILD into a string
$pkgbuild_raw = '';
$dircount = 0;
foreach ($tar->listContent() as $tar_file) {
if (preg_match('/^[^\/]+\/PKGBUILD$/', $tar_file['filename'])) {
$pkgbuild_raw = $tar->extractInString($tar_file['filename']);
}
elseif (preg_match('/^[^\/]+\/$/', $tar_file['filename'])) {
if (++$dircount > 1) {
$error = __("Error - source tarball may not contain more than one directory.");
break;
}
}
elseif (preg_match('/^[^\/]+$/', $tar_file['filename'])) {
$error = __("Error - source tarball may not contain files outside a directory.");
break;
}
elseif (preg_match('/^[^\/]+\/[^\/]+\//', $tar_file['filename'])) {
$error = __("Error - source tarball may not contain subdirectories.");
$error = __("Error - source tarball may not contain nested subdirectories.");
break;
}
}
if (empty($pkgbuild_raw)) {
if (!$error && empty($pkgbuild_raw)) {
$error = __("Error trying to unpack upload - PKGBUILD does not exist.");
}
}
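Review bot: The directory limit in the `++$dircount > 1` branch only counts explicit directory entries (names matching `^[^\/]+\/$`), so an archive whose members are `a/PKGBUILD` and `b/file` with no directory records of their own would pass both new checks; tar does not require directory entries. Comparing the first path component of every entry against the first one seen, e.g. `$top = strtok($tar_file['filename'], '/');` and setting the error when it differs, would enforce the rule regardless of how the archive was built. That component should probably also be rejected when it is `.` or `..`, since `../PKGBUILD` satisfies the PKGBUILD pattern; whether that matters depends on extraction code outside this hunk. The enclosing `if ($_COOKIE["AURSID"]):` block starts before the hunk.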