external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

pkgsubmit.php: Ensure the session is linked to a valid user.

Browse source 
Prevent race conditions that may occur when either the session or the
user is deleted before we extract the actual user identifier.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2011-04-24 14:22:24 +02:00
parent 9ff30614b8
commit ed9c95623f
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
web/html/pkgsubmit.php
View file

@ -13,7 +13,14 @@ check_sid(); # see if they're still logged in
$cwd = getcwd(); $cwd = getcwd();
if ($_COOKIE["AURSID"]): if ($_COOKIE["AURSID"]) {
$uid = uid_from_sid($_COOKIE['AURSID']);
}
else {
$uid = NULL;
}
if ($uid):
# Track upload errors # Track upload errors
$error = ""; $error = "";
@ -51,8 +58,6 @@ if ($_COOKIE["AURSID"]):
fclose($fh); fclose($fh);
} }
$uid = uid_from_sid($_COOKIE['AURSID']);
if (!$error) { if (!$error) {
$tar = new Archive_Tar($_FILES['pfile']['tmp_name']); $tar = new Archive_Tar($_FILES['pfile']['tmp_name']);