diff options
author | Callan Barrett <wizzomafizzo@gmail.com> | 2008-01-11 17:01:19 +0100 |
---|---|---|
committer | Dan McGee <dan@archlinux.org> | 2008-01-20 07:21:20 +0100 |
commit | dbbf50ac9024dddb5ce70b8aa42c828596eb66d3 (patch) | |
tree | a1c286f5c540a780440b165e2b4528f2f6df80d7 | |
parent | ce225727f67f5b65b5f92ec96b074712c290ea63 (diff) | |
download | aur-dbbf50ac9024dddb5ce70b8aa42c828596eb66d3.tar.gz aur-dbbf50ac9024dddb5ce70b8aa42c828596eb66d3.tar.xz |
Removes need for name, overwrite and comment fields from pkgsubmit.php
This removes the name, overwrite and comment options from pkgsubmit.php
by moving when the tarball is extracted (and where) and when the pkgbuild
is parsed so pkgname is taken from the pkgbuild instead of user input
Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
-rw-r--r-- | web/html/pkgsubmit.php | 307 | ||||
-rw-r--r-- | web/lib/aur.inc | 22 |
2 files changed, 123 insertions, 206 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 46b78cf4..e3495918 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -29,158 +29,78 @@ if ($_COOKIE["AURSID"]) { } if ($_REQUEST["pkgsubmit"]) { - # If this var is set, then the visitor is uploading a file... - # - if (!$_REQUEST["pkgname"]) { - $error = __("You did not specify a package name."); - } else { - $pkg_name = str_replace("'", "", $_REQUEST["pkgname"]); - $pkg_name = escapeshellarg($pkg_name); - $pkg_name = str_replace("'", "", $pkg_name); # get rid of single quotes - - # Solves the problem when you try to submit PKGBUILD - # that have the name with a period like (gstreamer0.10) - # Added support for packages with + characters like (mysql++). - $presult = preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name); - - if ($presult == FALSE || $presult <= 0) { - # FALSE => error processing regex, 0 => invalid characters - # - $error = __("Invalid name: only lowercase letters are allowed."); - } - } - - if (!$error && (!$_REQUEST["comments"] || $_REQUEST["comments"] == '')) { - $error = __("You must supply a comment for this upload/change."); - } - - if (!$error) { - # first, see if this package already exists, and if it can be overwritten - # - $pkg_exists = package_exists($pkg_name); - if ($pkg_exists) { - # ok, it exists - should it be overwritten, and does the user have - # the permissions to do so? - # - if (can_overwrite_pkg($pkg_name, $_COOKIE["AURSID"])) { - if (!$_REQUEST["overwrite"]) { - $error = __("You did not tag the 'overwrite' checkbox."); - } - } else { - $error = __("You are not allowed to overwrite the %h%s%h package.", - array("<b>", $pkg_name, "</b>")); - } - } - } - - # TODO check to see if the user has the ability to 'change' package - # attributes such as location and/or category. Examples: TUs can - # only add/change packages in Unsupported and the AUR, normal users - # can only add/change packages in Unsupported. - # - #Before processing, make sure we even have a file # if ($_FILES['pfile']['size'] == 0){ $error = __("Error - No file uploaded"); } + # temporary dir to put the tarball contents + $tempdir = uid_from_sid($_COOKIE['AURSID']) . time(); + if (!$error) { - # no errors checking upload permissions, go ahead and try to process - # the uploaded package file. - # - - $upload_file = UPLOAD_DIR . $_FILES["pfile"]["name"]; - - if (move_uploaded_file($_FILES["pfile"]["tmp_name"], $upload_file)) { - # ok, we can proceed - # - if (file_exists(INCOMING_DIR . $pkg_name)) { - # blow away the existing file/dir and contents - # - rm_rf(INCOMING_DIR . $pkg_name); - } - - } else { - # errors uploading file... - # - $error = __("Error trying to upload file - please try again."); - } - } - - # at this point, we can safely unpack the uploaded file and parse - # its contents. - # - if (!$error) { - - if (!@mkdir(INCOMING_DIR.$pkg_name)) { + if (!@mkdir(UPLOAD_DIR . $tempdir)) { $error = __("Could not create incoming directory: %s.", - array(INCOMING_DIR.$pkg_name)); + array(UPLOAD_DIR . $tempdir)); } else { - if (!@chdir(INCOMING_DIR.$pkg_name)) { + if (!@chdir(UPLOAD_DIR . $tempdir)) { $error = __("Could not change directory to %s.", - array(INCOMING_DIR.$pkg_name)); + array(UPLOAD_DIR . $tempdir)); } else { - # try .gz first - # - exec("/bin/sh -c 'tar xzf ".$upload_file."'", $trash, $retval); - if (!$retval) { - # now try .bz2 format - # - exec("/bin/sh -c 'tar xjf ".$upload_file."'", $trash, $retval); + exec("/bin/sh -c 'tar xzf " . $_FILES["pfile"]["tmp_name"] . "'", $trash, $retval); + if ($retval) { + exec("/bin/sh -c 'tar xjf " . $_FILES["pfile"]["tmp_name"] . "'", $trash, $retval); } - if (!$retval) { + if ($retval) { $error = __("Unknown file format for uploaded file."); } } } } - # At this point, if no error exists, the package has been extracted - # There should be a INCOMING_DIR.$pkg_name."/".$pkg_name directory - # if the user packaged it correctly. However, if the file was - # packaged without the $pkg_name subdirectory, try and create it - # and move the package contents into the new sub-directory. - # + # where is the pkgbuild?! if (!$error) { - if (is_dir(INCOMING_DIR.$pkg_name."/".$pkg_name) && - is_file(INCOMING_DIR.$pkg_name."/".$pkg_name."/PKGBUILD")) { - # the files were packaged correctly - # - if (!@chdir(INCOMING_DIR.$pkg_name."/".$pkg_name)) { - $error = __("Could not change to directory %s.", - array(INCOMING_DIR.$pkg_name."/".$pkg_name)); + $d = dir(UPLOAD_DIR . $tempdir); + + $pkgbuild = ""; + $deepdir = ""; + while ($file = $d->read()) { + # try to find a PKGBUILD in the top level (naughty! :O) and + # also the first directory found to use for the next part if required + if ($file == "PKGBUILD") { + $pkgbuild = UPLOAD_DIR . $tempdir . "/PKGBUILD"; + $pkg_dir = UPLOAD_DIR . $tempdir; + break; + } else if (is_dir($file)) { + # we'll assume the first directory we find is the one with + # the pkgbuild in it + if ($file != "." && $file != "..") { + $deepdir = $file; + break; + } } - $pkg_dir = INCOMING_DIR.$pkg_name."/".$pkg_name; - } elseif (is_file(INCOMING_DIR.$pkg_name."/PKGBUILD")) { - # not packaged correctly, but recovery may be possible. - # try and create INCOMING_DIR.$pkg_name."/".$pkg_name and - # move package contents into the new dir - # - if (!@mkdir(INCOMING_DIR.$pkg_name."/".$pkg_name)) { - $error = __("Could not create directory %s.", - array(INCOMING_DIR.$pkg_name."/".$pkg_name)); - } else { - exec("/bin/sh -c 'mv * ".$pkg_name."'"); - if (!file_exists(INCOMING_DIR.$pkg_name."/".$pkg_name."/PKGBUILD")) { - $error = __("Error exec'ing the mv command."); + } + + # if we couldn't find a pkgbuild in the top level we'll + # check in the first dir we found, if it's not there we assume + # there isn't any (even if there was the user should upload a proper tarball) + if ($pkgbuild == "" && $deepdir != "") { + $d = dir(UPLOAD_DIR . $tempdir . "/" . $deepdir); + while ($file = $d->read()) { + if ($file == "PKGBUILD") { + # oh my + $pkgbuild = UPLOAD_DIR . $tempdir . "/" . $deepdir ."/PKGBUILD"; + $pkg_dir = UPLOAD_DIR . $tempdir . "/" . $deepdir; + break; } } - if (!@chdir(INCOMING_DIR.$pkg_name."/".$pkg_name)) { - $error = __("Could not change to directory %s.", - array(INCOMING_DIR.$pkg_name."/".$pkg_name)); + if ($pkgbuild == "") { + $error = __("Error trying to unpack upload - PKGBUILD does not exist."); } - $pkg_dir = INCOMING_DIR.$pkg_name."/".$pkg_name; - } else { - # some wierd packaging/extraction error - baal - # - $error = __("Error trying to unpack upload - PKGBUILD does not exist."); } - } - $shcmd = "/bin/mv ".$upload_file." "; - $shcmd.= escapeshellarg(INCOMING_DIR.$pkg_name."/".$_FILES["pfile"]["name"]); - @exec($shcmd); + # we know where our pkgbuild is now, woot woot + } # if no error, get list of directory contents and process PKGBUILD # @@ -191,7 +111,7 @@ if ($_COOKIE["AURSID"]) { $pkg_contents = array(); while ($f = $d->read()) { if ($f != "." && $f != "..") { - $pkg_contents[$f] = filesize($f); + $pkg_contents[$f] = filesize($pkg_dir . "/" . $f); if (preg_match("/^(.*\.pkg\.tar\.gz|filelist)$/", $f)) { $error = __("Binary packages and filelists are not allowed for upload."); } @@ -285,7 +205,7 @@ if ($_COOKIE["AURSID"]) { # variable has a value. This does not do any validity checking # on the values, or attempts to fix line continuation/wrapping. # - if (!$seen_build_function) { + if (!$seen_build_function) { $error = __("Missing build function in PKGBUILD."); } if (!array_key_exists("md5sums", $pkgbuild)) { @@ -300,24 +220,20 @@ if ($_COOKIE["AURSID"]) { if (!array_key_exists("pkgdesc", $pkgbuild)) { $error = __("Missing pkgdesc variable in PKGBUILD."); } - if (!array_key_exists("license", $pkgbuild)) { - $error = __("Missing license variable in PKGBUILD."); - } + if (!array_key_exists("license", $pkgbuild)) { + $error = __("Missing license variable in PKGBUILD."); + } if (!array_key_exists("pkgrel", $pkgbuild)) { $error = __("Missing pkgrel variable in PKGBUILD."); } if (!array_key_exists("pkgver", $pkgbuild)) { $error = __("Missing pkgver variable in PKGBUILD."); } - if (!array_key_exists("arch", $pkgbuild)) { - $error = __("Missing arch variable in PKGBUILD."); - } + if (!array_key_exists("arch", $pkgbuild)) { + $error = __("Missing arch variable in PKGBUILD."); + } if (!array_key_exists("pkgname", $pkgbuild)) { $error = __("Missing pkgname variable in PKGBUILD."); - } else { - if ($pkgbuild["pkgname"] != $pkg_name) { - $error = __("Package names do not match."); - } } } @@ -352,20 +268,70 @@ if ($_COOKIE["AURSID"]) { } } + # now we've parsed the pkgbuild, let's move it to where it belongs + # + if (!$error) { + $pkg_name = str_replace("'", "", $pkgbuild['pkgname']); + $pkg_name = escapeshellarg($pkg_name); + $pkg_name = str_replace("'", "", $pkg_name); # get rid of single quotes + + # Solves the problem when you try to submit PKGBUILD + # that have the name with a period like (gstreamer0.10) + # Added support for packages with + characters like (mysql++). + $presult = preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name); + + if ($presult == FALSE || $presult <= 0) { + # FALSE => error processing regex, 0 => invalid characters + # + $error = __("Invalid name: only lowercase letters are allowed."); + } + } + + if (!$error) { + # first, see if this package already exists, and if it can be overwritten + # + $pkg_exists = package_exists($pkg_name); + if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) { + if (file_exists(INCOMING_DIR . $pkg_name)) { + # blow away the existing file/dir and contents + # + rm_rf(INCOMING_DIR . $pkg_name); + } + + if (!@mkdir(INCOMING_DIR.$pkg_name)) { + $error = __("Could not create directory %s.", + array(INCOMING_DIR.$pkg_name)); + } + + $shcmd = "/bin/mv " . $pkg_dir . " " . escapeshellarg(INCOMING_DIR . $pkg_name . "/" . $pkg_name); + @exec($shcmd); + } else { + $error = __("You are not allowed to overwrite the %h%s%h package.", + array("<b>", $pkg_name, "</b>")); + } + } + # Re-tar the package for consistency's sake # if (!$error) { if (!@chdir(INCOMING_DIR.$pkg_name)) { $error = __("Could not change directory to %s.", - array(INCOMING_DIR.$pkg_name)); + array(INCOMING_DIR.$pkg_name)); } } + if (!$error) { @exec("/bin/sh -c 'tar czf ".$pkg_name.".tar.gz ".$pkg_name."'", $trash, $retval); if ($retval) { $error = __("Could not re-tar"); } } + + # whether it failed or not we can clean this out + if (file_exists(UPLOAD_DIR . $tempdir)) { + rm_rf(UPLOAD_DIR . $tempdir); + } + # update the backend database # if (!$error) { @@ -461,16 +427,6 @@ if ($_COOKIE["AURSID"]) { $q .= $pdata["ID"].", '".mysql_real_escape_string($v)."')"; db_query($q, $dbh); } - - # add upload history - # - $q = "INSERT INTO PackageComments "; - $q.= "(PackageID, UsersID, Comments, CommentTS) VALUES ("; - $q.= $pdata["ID"] . ", " . uid_from_sid($_COOKIE['AURSID']); - $q.= ", '" . mysql_real_escape_string($_REQUEST["comments"]); - $q.= "', UNIX_TIMESTAMP())"; - db_query($q); - } else { # this is a brand new package # @@ -533,17 +489,11 @@ if ($_COOKIE["AURSID"]) { $q .= $packageID.", '".mysql_real_escape_string($v)."')"; db_query($q, $dbh); } - - # add upload history - # - $q = "INSERT INTO PackageComments "; - $q.= "(PackageID, UsersID, Comments, CommentTS) VALUES ("; - $q.= $packageID . ", " . uid_from_sid($_COOKIE["AURSID"]) . ", '"; - $q.= mysql_real_escape_string($_REQUEST["comments"]); - $q.= "', UNIX_TIMESTAMP())"; - db_query($q, $dbh); } } + + # must chdir because include dirs are relative! + chdir($_SERVER['DOCUMENT_ROOT']); } @@ -554,13 +504,13 @@ if ($_COOKIE["AURSID"]) { if (ini_get("file_uploads")) { if ($error) { print "<span class='error'>".$error."</span><br />\n"; - print "<br /> <br />\n"; + print "<br />\n"; } - if ($warning) { - print "<br><span class='error'>".$warning."</span><br />\n"; - print "<br /> <br />\n"; - } + if ($warning) { + print "<br><span class='error'>".$warning."</span><br />\n"; + print "<br />\n"; + } $pkg_categories = pkgCategories(); $pkg_locations = pkgLocations(); @@ -573,13 +523,6 @@ if ($_COOKIE["AURSID"]) { print "<table border='0' cellspacing='5'>\n"; print "<tr>\n"; print " <td span='f4' align='right'>"; - print __("Package name").":</td>\n"; - print " <td span='f4' align='left'>"; - print "<input type='text' name='pkgname' size='30' maxlength='32' />\n"; - print " </td>\n"; - print "</tr>\n"; - print "<tr>\n"; - print " <td span='f4' align='right'>"; print __("Package Category").":</td>\n"; print " <td span='f4' align='left'>"; print "<select name='category'>"; @@ -607,31 +550,11 @@ if ($_COOKIE["AURSID"]) { print "<input type='file' name='pfile' size='30' />\n"; print " </td>\n"; print "</tr>\n"; - print "<tr>\n"; - print " <td span='f4' align='right'>"; - print __("Overwrite existing package?"); - print " </td>\n"; - print " <td span='f4' align='left'>"; - print "<input type='radio' name='overwrite' value='1'> ".__("Yes"); - print " "; - print "<input type='radio' name='overwrite' value='0' checked> "; - print __("No"); - print " </td>\n"; - print "</tr>\n"; - print "<tr>\n"; - print " <td valign='top' span='f4' align='right'>"; - print __("Comment").":</td>\n"; - print " <td span='f4' align='left'>"; - print "<textarea rows='10' cols='50' name='comments'></textarea>"; - print " </td>\n"; - print "</tr>\n"; print "<tr>\n"; print " <td> </td>\n"; print " <td align='left'>"; print "<input class='button' type='submit' value='".__("Upload")."' />\n"; - print " "; - print "<input class='button' type='reset' value='".__("Reset")."' />\n"; print "</td>\n"; print "</tr>\n"; print "</table>\n"; @@ -646,7 +569,7 @@ if ($_COOKIE["AURSID"]) { if ($warning) { print "<span class='warning'>".$warning."</span><br />\n"; - print "<br /> <br />\n"; + print "<br />\n"; } } diff --git a/web/lib/aur.inc b/web/lib/aur.inc index 02580604..c18365cc 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc @@ -7,6 +7,7 @@ header('Pragma: no-cache'); include_once("version.inc"); include_once("config.inc"); include_once("aur_po.inc"); +// TODO: remove this, move translations over for login form include_once("index_po.inc"); # TODO do we need to set the domain on cookies? I seem to remember some @@ -425,29 +426,22 @@ function dbug($msg) { return; } -# check to see if the user can overwrite an existing package +# check to see if the user can submit a package # -function can_overwrite_pkg($name="", $sid="") { +function can_submit_pkg($name="", $sid="") { if (!$name || !$sid) {return 0;} $dbh = db_connect(); - $q = "SELECT SubmitterUID, MaintainerUID, AURMaintainerUID "; + $q = "SELECT MaintainerUID "; $q.= "FROM Packages WHERE Name = '".mysql_real_escape_string($name)."'"; $result = db_query($q, $dbh); - if (!$result) {return 0;} + if (mysql_num_rows($result) == 0) {return 1;} $row = mysql_fetch_row($result); $my_uid = uid_from_sid($sid); - # user is a dev and maintains the package - # - if ($my_uid == $row[2]) {return 1;} - - # user is a TU and there is no dev - # - if (!$row[2] && $my_uid == $row[1]) {return 1;} + if ($row[0] == $my_uid) { + return 1; + } - # user is a user and there is no TU or dev - # - if (!$row[2] && !$row[1] && $my_uid == $row[0]) {return 1;} return 0; } |