diff options
author | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-23 15:11:59 +0200 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-23 15:11:59 +0200 |
commit | ed1e747847ce6e5f9928505e7fc6630779d91f85 (patch) | |
tree | ce3ac1f5259940700fb101624de5bd0f2ed30f63 | |
parent | 68abf41b940c9b9c850005d6023ba76f3d28f7ac (diff) | |
download | aurweb-ed1e747847ce6e5f9928505e7fc6630779d91f85.tar.xz |
Verify that the target of merge operations exists
Make sure that the target of a merge operation is either empty or an
existing package base name.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r-- | web/lib/pkgreqfuncs.inc.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/web/lib/pkgreqfuncs.inc.php b/web/lib/pkgreqfuncs.inc.php index 5b86eaa..41d1515 100644 --- a/web/lib/pkgreqfuncs.inc.php +++ b/web/lib/pkgreqfuncs.inc.php @@ -95,6 +95,10 @@ function pkgreq_file($ids, $type, $merge_into, $comments) { return array(false, __("Invalid name: only lowercase letters are allowed.")); } + if (!empty($merge_into) && !pkgbase_from_name($merge_into)) { + return array(false, __("Cannot find package to merge votes and comments into.")); + } + if (empty($comments)) { return array(false, __("The comment field must not be empty.")); } |