authorLukas Fleischer <lfleischer@archlinux.org>2015-12-12 17:35:29 +0100
committerLukas Fleischer <lfleischer@archlinux.org>2015-12-13 10:22:59 +0100
commit1f179c9fbc5fc4bb7d94e53a52f519110d0b660e (patch)
tree9bdb8b17d457fd347c63150432809b0f9485d922 /web
parent8f870cc5f4e4810e3fdb2346275a2d7f7e3e91e0 (diff)
aurjson: Do not search by ID when argument is numeric
When performing info or multiinfo queries, one can currently either pass package names or package IDs as parameters. As a consequence, it is impossible to search for packages with a numeric package name because numeric arguments are always treated as IDs. Since package IDs are not public anymore these days, simply remove the possibility to search by ID in revision 5 of the RPC interface. Fixes FS#47324. Suggested-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'web')
-rw-r--r--web/lib/aurjson.class.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 9097035f..51a7c64d 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -346,7 +346,7 @@ class AurJSON {
if (!$arg) {
continue;
}
- if (is_numeric($arg)) {
+ if ($this->version < 5 && is_numeric($arg)) {
$id_args[] = intval($arg);
} else {
$name_args[] = $this->dbh->quote($arg);
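Review bot: The `if (!$arg)` guard at the top of this loop body still skips an argument of `"0"`, because that string is falsy in PHP, so the numeric-name lookup this commit enables for version 5 does not cover a package named `0`. An explicit emptiness test such as `if ($arg === null || $arg === '') {` would keep skipping blank arguments without dropping `"0"`. The enclosing loop and method start and end outside the hunk, so whether `$arg` can be a non-string here should be checked against the caller.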
@@ -405,7 +405,7 @@ class AurJSON {
*/
private function info($http_data) {
$pqdata = $http_data['arg'];
- if (is_numeric($pqdata)) {
+ if ($this->version < 5 && is_numeric($pqdata)) {
$where_condition = "Packages.ID = $pqdata";
} else {
$where_condition = "Packages.Name = " . $this->dbh->quote($pqdata);
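Review bot: For versions below 5 the `Packages.ID` branch still interpolates `$pqdata` into the SQL text unchanged, with `is_numeric()` as the only filter. That function also accepts forms such as `1e3`, `1.5` or a string with leading whitespace, so the query can receive a non-integer literal for an integer key, and the safety of the statement rests on the exact set of strings `is_numeric()` lets through. The multiinfo path in the first hunk casts with `intval()`; doing the same here would make the two consistent: `$where_condition = "Packages.ID = " . intval($pqdata);`. The body of `info()` continues past the end of the hunk.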