Do not allow for overwriting arbitrary packages

A package should only be overwritten if it already belongs to the package base that is trying to overwrite it. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
author: Lukas Fleischer <archlinux@cryptocrack.de> 2014-04-05 02:40:16 +0200
committer: Lukas Fleischer <archlinux@cryptocrack.de> 2014-04-05 12:21:36 +0200
commit: 8921e4deb946967b7cdd4007ab7e989f7b31573a (patch)
tree: 63f715228647dac5fa70d0fe3c312421a8f560bd /web/lib/aur.inc.php
parent: afb02a10c64f2f45717dc1133e89e567e5d9e5d7 (diff)
download: aurweb-8921e4deb946967b7cdd4007ab7e989f7b31573a.tar.xz
1 files changed, 19 insertions, 0 deletions
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index e786e50..16aa261 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -313,6 +313,25 @@ function can_submit_pkgbase($name="", $sid="") {
 }
 
 /**
+ * Determine if a package can be overwritten by some package base
+ *
+ * @param string $name Name of the package to be submitted
+ * @param int $base_id The ID of the package base
+ *
+ * @return bool True if the package can be overwritten, false if not
+ */
+function can_submit_pkg($name, $base_id) {
+	$dbh = DB::connect();
+	$q = "SELECT COUNT(*) FROM Packages WHERE ";
+	$q.= "Name = " . $dbh->quote($name) . " AND ";
+	$q.= "PackageBaseID <> " . intval($base_id);
+	$result = $dbh->query($q);
+
+	if (!$result) return false;
+	return ($result->fetchColumn() == 0);
+}
+
+/**
  * Recursively delete a directory
  *
  * @param string $dirname Name of the directory to be removed
author	Lukas Fleischer <archlinux@cryptocrack.de>	2014-04-05 02:40:16 +0200
committer	Lukas Fleischer <archlinux@cryptocrack.de>	2014-04-05 12:21:36 +0200
commit	8921e4deb946967b7cdd4007ab7e989f7b31573a (patch)
tree	63f715228647dac5fa70d0fe3c312421a8f560bd /web/lib/aur.inc.php
parent	afb02a10c64f2f45717dc1133e89e567e5d9e5d7 (diff)
download	aurweb-8921e4deb946967b7cdd4007ab7e989f7b31573a.tar.xz