Diffstat (limited to 'web')
-rw-r--r-- | web/html/pkgsubmit.php | 18 | ||||
-rw-r--r-- | web/template/login_form.php | 6 |
2 files changed, 18 insertions, 6 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index a5cc0c05..36f74bf9 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -311,6 +311,18 @@ if ($uid):
 $pkg_version = sprintf('%s-%s', $new_pkgbuild['pkgver'], $new_pkgbuild['pkgrel']);
 }
 
+ # Check the category to use, "1" meaning "none" (or "keep category" for
+ # existing packages).
+ if (isset($_POST['category'])) {
+ $category_id = intval($_POST['category']);
+ if ($category_id <= 0) {
+ $category_id = 1;
+ }
+ }
+ else {
+ $category_id = 1;
+ }
+
 if ($pdata) {
 # This is an overwrite of an existing package, the database ID
 # needs to be preserved so that any votes are retained. However,
@@ -324,9 +336,9 @@ if ($uid):
 db_query($q, $dbh);
 
 # If a new category was chosen, change it to that
- if ($_POST['category'] > 1) {
+ if ($category_id > 1) {
 $q = sprintf(
 "UPDATE Packages SET CategoryID = %d WHERE ID = %d",
- mysql_real_escape_string($_REQUEST['category']),
+ $category_id,
 $packageID);
 db_query($q, $dbh);
@@ -350,7 +362,7 @@ if ($uid):
 mysql_real_escape_string($new_pkgbuild['pkgname']),
 mysql_real_escape_string($new_pkgbuild['license']),
 mysql_real_escape_string($pkg_version),
- mysql_real_escape_string($_REQUEST['category']),
+ $category_id,
 mysql_real_escape_string($new_pkgbuild['pkgdesc']),
 mysql_real_escape_string($new_pkgbuild['url']),
 $uid,
diff --git a/web/template/login_form.php b/web/template/login_form.php
index b351a27e..c27e9ba3 100644
--- a/web/template/login_form.php
+++ b/web/template/login_form.php
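Review bot: `$category_id` is only clamped to be at least 1 in the new block after `$pkg_version`; it is never checked against the set of known categories, so any positive integer reaches `UPDATE Packages SET CategoryID = %d` in the second hunk and the INSERT argument list in the third. The `%d` placeholders do stop injection, which is what replacing `mysql_real_escape_string($_REQUEST['category'])` buys, but an id with no matching category row either fails on a database constraint or leaves a package pointing at a category that does not exist, depending on the schema. A lookup of the submitted id against the category table before the `if ($pdata)` branch, rejecting the submission on a miss, would close this. The if/else can also collapse to `$category_id = isset($_POST['category']) ? max(1, intval($_POST['category'])) : 1;`. The enclosing `if ($uid):` block starts well before the hunk and continues after it.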
@@ -11,7 +11,7 @@ elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']))
 print "<span class='error'>" . $login_error . "</span><br />\n";
 }
 ?>
-<form method="post" action="<?php echo $_SERVER['REQUEST_URI'] ?>">
+<form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) ?>">
 <div>
 <label for="user"><?php print __('Username') . ':'; ?></label>
 <input type="text" name="user" id="user" size="30" maxlength="<?php print USERNAME_MAX_LEN; ?>" value="<?php
@@ -31,8 +31,8 @@ elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']))
 else {
 ?>
 <span class='error'>
- <?php echo __("HTTP login is disabled. Please switch to HTTPs if you want to login: "); ?>
- <a href="https://aur.archlinux.org/">https://aur.archlinux.org/</a>
+ <?php printf(__("HTTP login is disabled. Please %sswitch to HTTPs%s if you want to login."),
+ '<a href="https://aur.archlinux.org' . htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) . '">', '</a>'); ?>
 </span>
 <?php } ?>
 </div>
|
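Review bot: `htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES)` in the new `<form>` action omits the charset argument, so the encoding it assumes depends on the PHP version (ISO-8859-1 before 5.4, UTF-8 from 5.4 on); the same call appears in the second hunk of this file. Passing it explicitly, `htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8')`, makes the escaping independent of the runtime, and adding `ENT_SUBSTITUTE` where the PHP version allows returns a replacement character for a malformed byte sequence instead of an empty string. Since both hunks escape the same value, computing it once into a local such as `$request_uri` and reusing it would keep the two in step. The surrounding `elseif` branch starts before the hunk.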
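Review bot: the translated string passed to the new `printf` call is now a format string, so its two `%s` placeholders must survive translation in the same order; a translator who reorders the link around the verb, or writes a literal `%`, will mis-format the message or trigger a PHP warning. Positional specifiers make the intent explicit and allow reordering: `printf(__('HTTP login is disabled. Please %1$sswitch to HTTPS%2$s if you want to login.'), ...)` (single quotes, since `$s` would interpolate inside double quotes). The message also spells the scheme `HTTPs`; `HTTPS` is the conventional form. The `else` block this hunk sits in opens before the hunk.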