diff options
author | Lukas Fleischer <lfleischer@archlinux.org> | 2015-12-12 17:35:29 +0100 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2015-12-13 10:22:59 +0100 |
commit | 1f179c9fbc5fc4bb7d94e53a52f519110d0b660e (patch) | |
tree | 9bdb8b17d457fd347c63150432809b0f9485d922 | |
parent | 8f870cc5f4e4810e3fdb2346275a2d7f7e3e91e0 (diff) | |
download | aur-1f179c9fbc5fc4bb7d94e53a52f519110d0b660e.tar.gz aur-1f179c9fbc5fc4bb7d94e53a52f519110d0b660e.tar.xz |
aurjson: Do not search by ID when argument is numeric
When performing info or multiinfo queries, one can currently either pass
package names or package IDs as parameters. As a consequence, it is
impossible to search for packages with a numeric package name because
numeric arguments are always treated as IDs. Since package IDs are not
public anymore these days, simply remove the possibility to search by ID
in revision 5 of the RPC interface.
Fixes FS#47324.
Suggested-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rw-r--r-- | web/lib/aurjson.class.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 9097035f..51a7c64d 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -346,7 +346,7 @@ class AurJSON { if (!$arg) { continue; } - if (is_numeric($arg)) { + if ($this->version < 5 && is_numeric($arg)) { $id_args[] = intval($arg); } else { $name_args[] = $this->dbh->quote($arg); @@ -405,7 +405,7 @@ class AurJSON { */ private function info($http_data) { $pqdata = $http_data['arg']; - if (is_numeric($pqdata)) { + if ($this->version < 5 && is_numeric($pqdata)) { $where_condition = "Packages.ID = $pqdata"; } else { $where_condition = "Packages.Name = " . $this->dbh->quote($pqdata); |