diff options
author | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-02-02 18:03:09 +0100 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-02-11 14:43:22 +0100 |
commit | b69f548065e78d14afcdc91548d73539762f8d93 (patch) | |
tree | 02678c8964659f34861872543b8c260371de6e10 | |
parent | 881bfcced4b1b0906d7ef57af55f4e7201ad2474 (diff) | |
download | aurweb-b69f548065e78d14afcdc91548d73539762f8d93.tar.xz |
Add a package name blacklist.
Can be used to blacklist package names for normal users. TUs and
developers are not affected. This is especially useful if used together
with a cron job that updates the blacklist periodically, e.g. to reject
packages which are available in the binary repos (FS#12902).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r-- | UPGRADING | 6 | ||||
-rw-r--r-- | support/schema/aur-schema.sql | 9 | ||||
-rw-r--r-- | web/html/pkgsubmit.php | 9 | ||||
-rw-r--r-- | web/lib/pkgfuncs.inc | 23 |
4 files changed, 47 insertions, 0 deletions
@@ -27,6 +27,12 @@ ALTER TABLE PackageSources MODIFY Source VARCHAR(255) NOT NULL DEFAULT "/dev/null"; ALTER TABLE TU_VoteInfo MODIFY User VARCHAR(32) collate latin1_general_ci NOT NULL; +CREATE TABLE PackageBlacklist ( + ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT, + Name CHAR(64) NOT NULL, + PRIMARY KEY (ID), + UNIQUE (Name) +); ---- 2. Drop all fulltext indexes from the "Packages" table: diff --git a/support/schema/aur-schema.sql b/support/schema/aur-schema.sql index d37e1b2..dbfc87e 100644 --- a/support/schema/aur-schema.sql +++ b/support/schema/aur-schema.sql @@ -177,6 +177,15 @@ CREATE TABLE CommentNotify ( ); CREATE UNIQUE INDEX NotifyUserIDPkgID ON CommentNotify (UserID, PkgID); +-- Package name blacklist +-- +CREATE TABLE PackageBlacklist ( + ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT, + Name CHAR(64) NOT NULL, + PRIMARY KEY (ID), + UNIQUE (Name) +); + -- Vote information -- CREATE TABLE IF NOT EXISTS TU_VoteInfo ( diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 2b11b7b..9ef90a7 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -216,6 +216,15 @@ if ($_COOKIE["AURSID"]): } if (!$error) { + # Check if package name is blacklisted. + if (pkgname_is_blacklisted($pkg_name)) { + if (!canSubmitBlacklisted(account_from_sid($_COOKIE["AURSID"]))) { + $error = __( "%s is on the package blacklist, please check if it's available in the official repos.", $pkg_name); + } + } + } + + if (!$error) { # First, see if this package already exists, and if it can be overwritten $pkg_exists = package_exists($pkg_name); if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) { diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc index 28211f9..2f69321 100644 --- a/web/lib/pkgfuncs.inc +++ b/web/lib/pkgfuncs.inc @@ -64,6 +64,18 @@ function canManagePackage($uid=0,$AURMUID=0, $MUID=0, $SUID=0, $managed=0) { return 0; } +# Check if the current user can submit blacklisted packages. +# +function canSubmitBlacklisted($atype = "") { + if ($atype == "Trusted User" || $atype == "Developer") { + # Only TUs/Devs can submit blacklisted packages. + return TRUE; + } + else { + return FALSE; + } +} + # grab the current list of PackageCategories # function pkgCategories() { @@ -286,6 +298,17 @@ function pkgname_from_id($id="") { return $id; } +# Check if a package name is blacklisted. +# +function pkgname_is_blacklisted($name) { + $dbh = db_connect(); + $q = "SELECT COUNT(*) FROM PackageBlacklist WHERE Name = '" . mysql_real_escape_string($name) . "'"; + $result = db_query($q, $dbh); + + if (!$result) return false; + return (mysql_result($result, 0) > 0); +} + # display package details # function package_details($id=0, $SID="") { |