authorLukas Fleischer <archlinux@cryptocrack.de>2011-02-02 18:03:09 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2011-02-11 14:43:22 +0100
commitb69f548065e78d14afcdc91548d73539762f8d93 (patch)
tree02678c8964659f34861872543b8c260371de6e10
parent881bfcced4b1b0906d7ef57af55f4e7201ad2474 (diff)
downloadaurweb-b69f548065e78d14afcdc91548d73539762f8d93.tar.xz
Add a package name blacklist.
Can be used to blacklist package names for normal users. TUs and developers are not affected. This is especially useful if used together with a cron job that updates the blacklist periodically, e.g. to reject packages which are available in the binary repos (FS#12902). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r--UPGRADING6
-rw-r--r--support/schema/aur-schema.sql9
-rw-r--r--web/html/pkgsubmit.php9
-rw-r--r--web/lib/pkgfuncs.inc23
4 files changed, 47 insertions, 0 deletions
diff --git a/UPGRADING b/UPGRADING
index c649985..c5da23a 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -27,6 +27,12 @@ ALTER TABLE PackageSources
MODIFY Source VARCHAR(255) NOT NULL DEFAULT "/dev/null";
ALTER TABLE TU_VoteInfo
MODIFY User VARCHAR(32) collate latin1_general_ci NOT NULL;
+CREATE TABLE PackageBlacklist (
+ ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
+ Name CHAR(64) NOT NULL,
+ PRIMARY KEY (ID),
+ UNIQUE (Name)
+);
----
2. Drop all fulltext indexes from the "Packages" table:
diff --git a/support/schema/aur-schema.sql b/support/schema/aur-schema.sql
index d37e1b2..dbfc87e 100644
--- a/support/schema/aur-schema.sql
+++ b/support/schema/aur-schema.sql
@@ -177,6 +177,15 @@ CREATE TABLE CommentNotify (
);
CREATE UNIQUE INDEX NotifyUserIDPkgID ON CommentNotify (UserID, PkgID);
+-- Package name blacklist
+--
+CREATE TABLE PackageBlacklist (
+ ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
+ Name CHAR(64) NOT NULL,
+ PRIMARY KEY (ID),
+ UNIQUE (Name)
+);
+
-- Vote information
--
CREATE TABLE IF NOT EXISTS TU_VoteInfo (
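Review bot: `Name CHAR(64) NOT NULL` in the new PackageBlacklist table carries no explicit collation, so whether the blacklist lookup matches case-insensitively depends on the table or server default. The definition of the package-name column it is meant to mirror is outside this hunk, so this is inferred, but if the two columns compare differently a name that differs only in case could be treated differently by the blacklist and by the package table. I would declare the collation explicitly to match that column and add a comment such as `-- Name must use the same type and collation as Packages.Name`. The same applies to the copy of this statement in UPGRADING.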
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index 2b11b7b..9ef90a7 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -216,6 +216,15 @@ if ($_COOKIE["AURSID"]):
}
if (!$error) {
+ # Check if package name is blacklisted.
+ if (pkgname_is_blacklisted($pkg_name)) {
+ if (!canSubmitBlacklisted(account_from_sid($_COOKIE["AURSID"]))) {
+ $error = __( "%s is on the package blacklist, please check if it's available in the official repos.", $pkg_name);
+ }
+ }
+ }
+
+ if (!$error) {
# First, see if this package already exists, and if it can be overwritten
$pkg_exists = package_exists($pkg_name);
if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) {
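Review bot: `$pkg_name` is taken from the submitted package and is substituted into `$error` by the new `__()` call without any encoding. Where `$error` is printed is outside this hunk, so please confirm it goes through `htmlspecialchars()` at output; if it does not, the name should be encoded here before it is placed in the message. As a smaller style point, the two nested `if` statements can be one condition: `if (pkgname_is_blacklisted($pkg_name) && !canSubmitBlacklisted(account_from_sid($_COOKIE["AURSID"]))) {`. The surrounding `if ($_COOKIE["AURSID"]):` block starts and ends outside the hunk.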
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index 28211f9..2f69321 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -64,6 +64,18 @@ function canManagePackage($uid=0,$AURMUID=0, $MUID=0, $SUID=0, $managed=0) {
return 0;
}
+# Check if the current user can submit blacklisted packages.
+#
+function canSubmitBlacklisted($atype = "") {
+ if ($atype == "Trusted User" || $atype == "Developer") {
+ # Only TUs/Devs can submit blacklisted packages.
+ return TRUE;
+ }
+ else {
+ return FALSE;
+ }
+}
+
# grab the current list of PackageCategories
#
function pkgCategories() {
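Review bot: The privilege check in `canSubmitBlacklisted()` uses loose `==` against string literals, which lets non-string values pass: `true == "Trusted User"` is true, and on PHP versions before 8 so is `0 == "Trusted User"`. What `account_from_sid()` returns for an invalid or expired session is not visible here, so this is a hedge, but a blacklist exemption should not depend on type juggling. I would use strict comparison and return the expression directly: `return $atype === "Trusted User" || $atype === "Developer";`.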
@@ -286,6 +298,17 @@ function pkgname_from_id($id="") {
return $id;
}
+# Check if a package name is blacklisted.
+#
+function pkgname_is_blacklisted($name) {
+ $dbh = db_connect();
+ $q = "SELECT COUNT(*) FROM PackageBlacklist WHERE Name = '" . mysql_real_escape_string($name) . "'";
+ $result = db_query($q, $dbh);
+
+ if (!$result) return false;
+ return (mysql_result($result, 0) > 0);
+}
+
# display package details
#
function package_details($id=0, $SID="") {
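Review bot: `pkgname_is_blacklisted()` fails open: `if (!$result) return false;` reports the name as not blacklisted whenever the query itself fails, so a database error silently disables the check for normal users. Since the blacklist is an enforcement control, the failure should at least be logged, and the safer default is to reject, e.g. `if (!$result) return true;` with a comment `# Fail closed: treat a failed lookup as blacklisted.`. I would also pass the handle to the escape call, `mysql_real_escape_string($name, $dbh)`, so escaping uses the same connection as the query rather than whichever link was opened last.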