diff options
| author | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-04-05 02:40:16 +0200 |
|---|---|---|
| committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-04-05 12:21:36 +0200 |
| commit | 8921e4deb946967b7cdd4007ab7e989f7b31573a (patch) | |
| tree | 63f715228647dac5fa70d0fe3c312421a8f560bd | |
| parent | afb02a10c64f2f45717dc1133e89e567e5d9e5d7 (diff) | |
| download | aur-8921e4deb946967b7cdd4007ab7e989f7b31573a.tar.gz aur-8921e4deb946967b7cdd4007ab7e989f7b31573a.tar.xz | |
Do not allow for overwriting arbitrary packages
A package should only be overwritten if it already belongs to the
package base that is trying to overwrite it.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
| -rw-r--r-- | web/html/pkgsubmit.php | 44 | ||||
| -rw-r--r-- | web/lib/aur.inc.php | 19 |
2 files changed, 42 insertions, 21 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 13a67d8a..cf5e03bd 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -410,33 +410,35 @@ if ($uid): } /* Upload PKGBUILD and tarball. */ - if (!$error) { - /* - * First, check whether this package already exists and - * whether it can be overwritten. - */ - if (can_submit_pkgbase($pkgbase_name, $_COOKIE["AURSID"])) { - if (file_exists($incoming_pkgdir)) { - /* - * Blow away the existing directory and - * its contents. - */ - rm_tree($incoming_pkgdir); - } + if (!$error && !can_submit_pkgbase($pkgbase_name, $_COOKIE["AURSID"])) { + $error = __( "You are not allowed to overwrite the %s%s%s package.", "<strong>", $pkgbase_name, "</strong>"); + } - /* - * The mode is masked by the current umask, so - * not as scary as it looks. - */ - if (!mkdir($incoming_pkgdir, 0777, true)) { - $error = __( "Could not create directory %s.", $incoming_pkgdir); + if (!$error) { + foreach ($pkginfo as $pi) { + if (!can_submit_pkg($pi['pkgname'], $base_id)) { + $error = __( "You are not allowed to overwrite the %s%s%s package.", "<strong>", $pi['pkgname'], "</strong>"); + break; } - } else { - $error = __( "You are not allowed to overwrite the %s%s%s package.", "<strong>", $pkg_name, "</strong>"); } } if (!$error) { + /* + * Blow away the existing directory and its contents. + */ + if (file_exists($incoming_pkgdir)) { + rm_tree($incoming_pkgdir); + } + + /* + * The mode is masked by the current umask, so not as + * scary as it looks. + */ + if (!mkdir($incoming_pkgdir, 0777, true)) { + $error = __( "Could not create directory %s.", $incoming_pkgdir); + } + if (!chdir($incoming_pkgdir)) { $error = __("Could not change directory to %s.", $incoming_pkgdir); } diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index e786e507..16aa2619 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -313,6 +313,25 @@ function can_submit_pkgbase($name="", $sid="") { } /** + * Determine if a package can be overwritten by some package base + * + * @param string $name Name of the package to be submitted + * @param int $base_id The ID of the package base + * + * @return bool True if the package can be overwritten, false if not + */ +function can_submit_pkg($name, $base_id) { + $dbh = DB::connect(); + $q = "SELECT COUNT(*) FROM Packages WHERE "; + $q.= "Name = " . $dbh->quote($name) . " AND "; + $q.= "PackageBaseID <> " . intval($base_id); + $result = $dbh->query($q); + + if (!$result) return false; + return ($result->fetchColumn() == 0); +} + +/** * Recursively delete a directory * * @param string $dirname Name of the directory to be removed |