author | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-03-19 23:18:48 +0100 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-03-19 23:29:58 +0100 |
commit | 1f36664e9f55b175472436973a238aa36bd58bb2 (patch) | |
tree | 6edfb49d7d8ba0369e88eabbf4e708ae96646816 /web/lib/config.inc.php.proto | |
parent | 1e29bd2217f4320d3df156c448bf16aaeaec53d6 (diff) | |
download | aurweb-1f36664e9f55b175472436973a238aa36bd58bb2.tar.xz |
web/html/pkgsubmit.php: Revamp tarball validation

* Reorder checks.
* Use simple string functions instead of regular expressions.
* Check for type flags before validating paths.

The latter ensures we don't treat tarball keywords/flags as directories.
This avoids problems with bsdtar inserting PaxHeader attributes into the
archive which look something like the following to Archive_Tar:

    PaxHeader/xcursor-protozoa
    xcursor-protozoa/
    xcursor-protozoa/PaxHeader/PKGBUILD
    xcursor-protozoa/PKGBUILD

This only occurs on certain filesystems (e.g. jfs), but the tarball is
by no means invalid. When extracted, it will only contain the PKGBUILD
within a single subdirectory.

Addresses FS#28802.

Thanks-to: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/config.inc.php.proto')
0 files changed, 0 insertions, 0 deletions
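
The ordering the commit message describes, as an added Python example that is not part of the commit or of aurweb's PHP code: it reads raw tar headers and shows how the four entries above look with and without a type-flag check ahead of the path check. Assumptions: the PaxHeader entries carry the pax extended-header flag `x`, the path rule is "everything under one top-level directory", names are short enough that the ustar prefix field can be ignored, and `member`, `raw_entries`, `top_level_dirs` and `single_subdirectory` are hypothetical names.

```python
import tarfile

BLOCK = 512
# Type flags that name real filesystem objects: regular file ("0" or NUL) and directory ("5").
PATH_FLAGS = (tarfile.REGTYPE, tarfile.AREGTYPE, tarfile.DIRTYPE)

def member(name, flag, body=b""):
    """Build one constructed ustar member: header block plus zero-padded body."""
    info = tarfile.TarInfo(name)
    info.type, info.size = flag, len(body)
    return info.tobuf(tarfile.USTAR_FORMAT) + body + b"\0" * (-len(body) % BLOCK)

# Constructed sample mirroring the four entries listed in the commit message.
# Assumption: the PaxHeader entries use the pax extended-header flag "x".
PAX = b"30 mtime=1332195528.123456789\n"
SAMPLE = b"".join([
    member("PaxHeader/xcursor-protozoa", tarfile.XHDTYPE, PAX),
    member("xcursor-protozoa/", tarfile.DIRTYPE),
    member("xcursor-protozoa/PaxHeader/PKGBUILD", tarfile.XHDTYPE, PAX),
    member("xcursor-protozoa/PKGBUILD", tarfile.REGTYPE, b"pkgname=xcursor-protozoa\n"),
]) + b"\0" * (2 * BLOCK)

def raw_entries(data):
    """Yield (name, typeflag) per header block, as a flag-unaware lister reports them."""
    pos = 0
    while pos + BLOCK <= len(data) and data[pos:pos + BLOCK].strip(b"\0"):
        hdr = data[pos:pos + BLOCK]
        size = int(hdr[124:136].rstrip(b" \0") or b"0", 8)   # octal size field
        yield hdr[0:100].rstrip(b"\0").decode(), hdr[156:157]
        pos += BLOCK + -(-size // BLOCK) * BLOCK             # skip the padded body

def top_level_dirs(data, check_flags_first):
    """Collect the first path component of each entry that is treated as a path."""
    dirs = set()
    for name, flag in raw_entries(data):
        if check_flags_first and flag not in PATH_FLAGS:
            continue            # metadata record, not a file or directory
        dirs.add(name.split("/", 1)[0])
    return dirs

def single_subdirectory(data, check_flags_first=True):
    """Accept only tarballs whose real entries live under exactly one directory."""
    return len(top_level_dirs(data, check_flags_first)) == 1

if __name__ == "__main__":
    print(top_level_dirs(SAMPLE, False), single_subdirectory(SAMPLE, False))
    print(top_level_dirs(SAMPLE, True), single_subdirectory(SAMPLE, True))
```

Without the flag check the sample appears to contain two top-level directories and is rejected; with it, only `xcursor-protozoa` remains, which matches what a pax-aware extractor produces.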