From 1f179c9fbc5fc4bb7d94e53a52f519110d0b660e Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <lfleischer@archlinux.org>
Date: Sat, 12 Dec 2015 17:35:29 +0100
Subject: aurjson: Do not search by ID when argument is numeric

When performing info or multiinfo queries, one can currently either pass
package names or package IDs as parameters. As a consequence, it is
impossible to search for packages with a numeric package name because
numeric arguments are always treated as IDs. Since package IDs are not
public anymore these days, simply remove the possibility to search by ID
in revision 5 of the RPC interface.

Fixes FS#47324.

Suggested-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
---
 web/lib/aurjson.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 9097035f..51a7c64d 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -346,7 +346,7 @@ class AurJSON {
 			if (!$arg) {
 				continue;
 			}
-			if (is_numeric($arg)) {
+			if ($this->version < 5 && is_numeric($arg)) {
 				$id_args[] = intval($arg);
 			} else {
 				$name_args[] = $this->dbh->quote($arg);
@@ -405,7 +405,7 @@ class AurJSON {
 	 */
 	private function info($http_data) {
 		$pqdata = $http_data['arg'];
-		if (is_numeric($pqdata)) {
+		if ($this->version < 5 && is_numeric($pqdata)) {
 			$where_condition = "Packages.ID = $pqdata";
 		} else {
 			$where_condition = "Packages.Name = " . $this->dbh->quote($pqdata);
-- 
cgit v1.2.3-24-g4f1b