summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2014-04-05 02:40:16 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-04-05 12:21:36 +0200
commit8921e4deb946967b7cdd4007ab7e989f7b31573a (patch)
tree63f715228647dac5fa70d0fe3c312421a8f560bd
parentafb02a10c64f2f45717dc1133e89e567e5d9e5d7 (diff)
downloadaurweb-8921e4deb946967b7cdd4007ab7e989f7b31573a.tar.xz
Do not allow for overwriting arbitrary packages
A package should only be overwritten if it already belongs to the package base that is trying to overwrite it. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r--web/html/pkgsubmit.php44
-rw-r--r--web/lib/aur.inc.php19
2 files changed, 42 insertions, 21 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index 13a67d8..cf5e03b 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -410,33 +410,35 @@ if ($uid):
}
/* Upload PKGBUILD and tarball. */
- if (!$error) {
- /*
- * First, check whether this package already exists and
- * whether it can be overwritten.
- */
- if (can_submit_pkgbase($pkgbase_name, $_COOKIE["AURSID"])) {
- if (file_exists($incoming_pkgdir)) {
- /*
- * Blow away the existing directory and
- * its contents.
- */
- rm_tree($incoming_pkgdir);
- }
+ if (!$error && !can_submit_pkgbase($pkgbase_name, $_COOKIE["AURSID"])) {
+ $error = __( "You are not allowed to overwrite the %s%s%s package.", "<strong>", $pkgbase_name, "</strong>");
+ }
- /*
- * The mode is masked by the current umask, so
- * not as scary as it looks.
- */
- if (!mkdir($incoming_pkgdir, 0777, true)) {
- $error = __( "Could not create directory %s.", $incoming_pkgdir);
+ if (!$error) {
+ foreach ($pkginfo as $pi) {
+ if (!can_submit_pkg($pi['pkgname'], $base_id)) {
+ $error = __( "You are not allowed to overwrite the %s%s%s package.", "<strong>", $pi['pkgname'], "</strong>");
+ break;
}
- } else {
- $error = __( "You are not allowed to overwrite the %s%s%s package.", "<strong>", $pkg_name, "</strong>");
}
}
if (!$error) {
+ /*
+ * Blow away the existing directory and its contents.
+ */
+ if (file_exists($incoming_pkgdir)) {
+ rm_tree($incoming_pkgdir);
+ }
+
+ /*
+ * The mode is masked by the current umask, so not as
+ * scary as it looks.
+ */
+ if (!mkdir($incoming_pkgdir, 0777, true)) {
+ $error = __( "Could not create directory %s.", $incoming_pkgdir);
+ }
+
if (!chdir($incoming_pkgdir)) {
$error = __("Could not change directory to %s.", $incoming_pkgdir);
}
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index e786e50..16aa261 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -313,6 +313,25 @@ function can_submit_pkgbase($name="", $sid="") {
}
/**
+ * Determine if a package can be overwritten by some package base
+ *
+ * @param string $name Name of the package to be submitted
+ * @param int $base_id The ID of the package base
+ *
+ * @return bool True if the package can be overwritten, false if not
+ */
+function can_submit_pkg($name, $base_id) {
+ $dbh = DB::connect();
+ $q = "SELECT COUNT(*) FROM Packages WHERE ";
+ $q.= "Name = " . $dbh->quote($name) . " AND ";
+ $q.= "PackageBaseID <> " . intval($base_id);
+ $result = $dbh->query($q);
+
+ if (!$result) return false;
+ return ($result->fetchColumn() == 0);
+}
+
+/**
* Recursively delete a directory
*
* @param string $dirname Name of the directory to be removed