Modified to get details based on an exact package name, or based on a package id.

1 files changed, 19 insertions, 8 deletions

diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index b8dff396..e6e40ffb 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -101,16 +101,27 @@ class AurJSON {
     }
 
     /**
-     * Returns the info on a specific package id.
-     * @param $package_id The ID of the package to fetch info.
+     * Returns the info on a specific package.
+     * @param $pqdata The ID or name of the package. Package Query Data.
      * @return mixed Returns an array of value data containing the package data
      **/
-    private function info($package_id) {
-        // using sprintf to coerce the package_id to an int
-        // should handle sql injection issues, since sprintf will
-        // bork if not an int, or convert the string to a number
-        $query = sprintf("SELECT ID,Name,Version,Description,URL,URLPath,License,NumVotes,OutOfDate FROM Packages WHERE ID=%d",$package_id);
-         $result = db_query($query, $this->dbh);
+    private function info($pqdata) {
+        $base_query = "SELECT ID,Name,Version,Description,URL,URLPath,License,NumVotes,OutOfDate FROM Packages WHERE ";
+
+        if is_numeric($pqdata) {
+            // just using sprintf to coerce the pqd to an int
+            // should handle sql injection issues, since sprintf will
+            // bork if not an int, or convert the string to a number 0
+            $query_stub = sprintf("ID=%d",$pqdata);
+        }
+        else {
+            if(get_magic_quotes_gpc()) {
+                $pqd = stripslashes($pqdata);
+            }
+            $query_stub = sprintf("Name=%s",mysql_real_escape_string($pqdata));
+        }
+
+        $result = db_query($query.$base_query, $this->dbh);
 
         if ( $result && (mysql_num_rows($result) > 0) ) {
             $row = mysql_fetch_assoc($result);