summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--web/html/pkgreq.php8
-rw-r--r--web/html/pkgsubmit.php6
-rw-r--r--web/lib/acctfuncs.inc.php2
-rw-r--r--web/lib/aur.inc.php2
-rw-r--r--web/lib/credentials.inc.php2
-rw-r--r--web/lib/pkgbasefuncs.inc.php2
-rw-r--r--web/lib/pkgreqfuncs.inc.php6
7 files changed, 21 insertions, 7 deletions
diff --git a/web/html/pkgreq.php b/web/html/pkgreq.php
index 03b31b84..ccb0acd8 100644
--- a/web/html/pkgreq.php
+++ b/web/html/pkgreq.php
@@ -9,9 +9,17 @@ set_lang();
check_sid();
if (isset($base_id)) {
+ if (!has_credential(CRED_PKGREQ_FILE)) {
+ header('Location: /');
+ exit();
+ }
html_header(__("File Request"));
include('pkgreq_form.php');
} elseif (isset($pkgreq_id)) {
+ if (!has_credential(CRED_PKGREQ_CLOSE)) {
+ header('Location: /');
+ exit();
+ }
html_header(__("Close Request"));
$pkgbase_name = pkgreq_get_pkgbase_name($pkgreq_id);
include('pkgreq_close_form.php');
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index eac95a31..e1963de7 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -202,7 +202,7 @@ if ($uid):
/* Validate package base name. */
if (!$error) {
$pkgbase_name = $pkgbase_info['pkgbase'];
- if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkgbase_name)) {
+ if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $pkgbase_name)) {
$error = __("Invalid name: only lowercase letters are allowed.");
}
@@ -218,7 +218,7 @@ if ($uid):
/* Validate package names. */
$pkg_name = $pi['pkgname'];
- if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name)) {
+ if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $pkg_name)) {
$error = __("Invalid name: only lowercase letters are allowed.");
break;
}
@@ -393,7 +393,7 @@ if ($uid):
* notification list.
*/
if ($was_orphan) {
- pkgbase_notify(account_from_sid($_COOKIE["AURSID"]), array($base_id), true);
+ pkgbase_notify(array($base_id), true);
}
end_atomic_commit();
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 254f0e2f..e3ff4949 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -544,7 +544,7 @@ function valid_username($user) {
if (strlen($user) < USERNAME_MIN_LEN ||
strlen($user) > USERNAME_MAX_LEN) {
return false;
- } else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/i", $user)) {
+ } else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/Di", $user)) {
return false;
}
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 82730bb5..81cbf694 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -471,7 +471,7 @@ function save_salt($user_id, $passwd) {
$hash = salted_hash($passwd, $salt);
$q = "UPDATE Users SET Salt = " . $dbh->quote($salt) . ", ";
$q.= "Passwd = " . $dbh->quote($hash) . " WHERE ID = " . $user_id;
- $result = $dbh->exec($q);
+ return $dbh->exec($q);
}
/**
diff --git a/web/lib/credentials.inc.php b/web/lib/credentials.inc.php
index efc203d3..0c428f2f 100644
--- a/web/lib/credentials.inc.php
+++ b/web/lib/credentials.inc.php
@@ -18,6 +18,7 @@ define("CRED_PKGBASE_NOTIFY", 13);
define("CRED_PKGBASE_SUBMIT_BLACKLISTED", 14);
define("CRED_PKGBASE_UNFLAG", 15);
define("CRED_PKGBASE_VOTE", 16);
+define("CRED_PKGREQ_FILE", 23);
define("CRED_PKGREQ_CLOSE", 17);
define("CRED_PKGREQ_LIST", 18);
define("CRED_TU_ADD_VOTE", 19);
@@ -48,6 +49,7 @@ function has_credential($credential, $approved_users=array()) {
case CRED_PKGBASE_FLAG:
case CRED_PKGBASE_NOTIFY:
case CRED_PKGBASE_VOTE:
+ case CRED_PKGREQ_FILE:
return ($atype == 'User' || $atype == 'Trusted User' ||
$atype == 'Developer' ||
$atype == 'Trusted User & Developer');
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index 946209b7..1ac0b470 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -617,7 +617,7 @@ function pkgbase_adopt ($base_ids, $action=true, $via) {
$dbh->exec($q);
if ($action) {
- pkgbase_notify(account_from_sid($_COOKIE["AURSID"]), $base_ids);
+ pkgbase_notify($base_ids);
return array(true, __("The selected packages have been adopted."));
} else {
return array(true, __("The selected packages have been disowned."));
diff --git a/web/lib/pkgreqfuncs.inc.php b/web/lib/pkgreqfuncs.inc.php
index 5924959a..92070434 100644
--- a/web/lib/pkgreqfuncs.inc.php
+++ b/web/lib/pkgreqfuncs.inc.php
@@ -91,7 +91,11 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
global $AUR_REQUEST_ML;
global $AUTO_ORPHAN_AGE;
- if (!empty($merge_into) && !preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $merge_into)) {
+ if (!has_credential(CRED_PKGREQ_FILE)) {
+ return array(false, __("You must be logged in to file package requests."));
+ }
+
+ if (!empty($merge_into) && !preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $merge_into)) {
return array(false, __("Invalid name: only lowercase letters are allowed."));
}