summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--web/html/pkgreq.php8
-rw-r--r--web/lib/credentials.inc.php2
-rw-r--r--web/lib/pkgreqfuncs.inc.php4
3 files changed, 14 insertions, 0 deletions
diff --git a/web/html/pkgreq.php b/web/html/pkgreq.php
index 03b31b84..ccb0acd8 100644
--- a/web/html/pkgreq.php
+++ b/web/html/pkgreq.php
@@ -9,9 +9,17 @@ set_lang();
check_sid();
if (isset($base_id)) {
+ if (!has_credential(CRED_PKGREQ_FILE)) {
+ header('Location: /');
+ exit();
+ }
html_header(__("File Request"));
include('pkgreq_form.php');
} elseif (isset($pkgreq_id)) {
+ if (!has_credential(CRED_PKGREQ_CLOSE)) {
+ header('Location: /');
+ exit();
+ }
html_header(__("Close Request"));
$pkgbase_name = pkgreq_get_pkgbase_name($pkgreq_id);
include('pkgreq_close_form.php');
diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
index efc203d3..0c428f2f 100644
--- a/web/lib/credentials.inc.php
+++ b/web/lib/credentials.inc.php
@@ -18,6 +18,7 @@ define("CRED_PKGBASE_NOTIFY", 13);
define("CRED_PKGBASE_SUBMIT_BLACKLISTED", 14);
define("CRED_PKGBASE_UNFLAG", 15);
define("CRED_PKGBASE_VOTE", 16);
+define("CRED_PKGREQ_FILE", 23);
define("CRED_PKGREQ_CLOSE", 17);
define("CRED_PKGREQ_LIST", 18);
define("CRED_TU_ADD_VOTE", 19);
@@ -48,6 +49,7 @@ function has_credential($credential, $approved_users=array()) {
case CRED_PKGBASE_FLAG:
case CRED_PKGBASE_NOTIFY:
case CRED_PKGBASE_VOTE:
+ case CRED_PKGREQ_FILE:
return ($atype == 'User' || $atype == 'Trusted User' ||
$atype == 'Developer' ||
$atype == 'Trusted User & Developer');
diff --git a/web/lib/pkgreqfuncs.inc.php b/web/lib/pkgreqfuncs.inc.php
index 98fb0cb8..92070434 100644
--- a/web/lib/pkgreqfuncs.inc.php
+++ b/web/lib/pkgreqfuncs.inc.php
@@ -91,6 +91,10 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
global $AUR_REQUEST_ML;
global $AUTO_ORPHAN_AGE;
+ if (!has_credential(CRED_PKGREQ_FILE)) {
+ return array(false, __("You must be logged in to file package requests."));
+ }
+
if (!empty($merge_into) && !preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $merge_into)) {
return array(false, __("Invalid name: only lowercase letters are allowed."));
}