summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2014-07-23 15:11:59 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-07-23 15:11:59 +0200
commited1e747847ce6e5f9928505e7fc6630779d91f85 (patch)
treece3ac1f5259940700fb101624de5bd0f2ed30f63
parent68abf41b940c9b9c850005d6023ba76f3d28f7ac (diff)
downloadaurweb-ed1e747847ce6e5f9928505e7fc6630779d91f85.tar.xz
Verify that the target of merge operations exists
Make sure that the target of a merge operation is either empty or an existing package base name. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r--web/lib/pkgreqfuncs.inc.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/web/lib/pkgreqfuncs.inc.php b/web/lib/pkgreqfuncs.inc.php
index 5b86eaa..41d1515 100644
--- a/web/lib/pkgreqfuncs.inc.php
+++ b/web/lib/pkgreqfuncs.inc.php
@@ -95,6 +95,10 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
return array(false, __("Invalid name: only lowercase letters are allowed."));
}
+ if (!empty($merge_into) && !pkgbase_from_name($merge_into)) {
+ return array(false, __("Cannot find package to merge votes and comments into."));
+ }
+
if (empty($comments)) {
return array(false, __("The comment field must not be empty."));
}