summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2014-07-23 15:37:31 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-07-23 17:53:28 +0200
commit48ae736068f9953ba69c91190ef7eb7b056c2b50 (patch)
tree67520237779498ac88abcffe5ed3695d65c1a774 /web
parent446d4537d4caab1bb76a9612c1a16f5060618673 (diff)
downloadaurweb-48ae736068f9953ba69c91190ef7eb7b056c2b50.tar.xz
Prevent merging a package base with itself
Instead of deleting the package, show an error message if a user tries to merge a package base with itself. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r--web/html/pkgbase.php11
-rw-r--r--web/lib/pkgreqfuncs.inc.php4
2 files changed, 11 insertions, 4 deletions
diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index 4f35a67..691639c 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -69,12 +69,15 @@ if (check_token()) {
}
else {
$merge_base_id = pkgbase_from_name($_POST['merge_Into']);
- if ($merge_base_id) {
- list($ret, $output) = pkgbase_delete($ids, $merge_base_id, $via);
- unset($_GET['ID']);
- } else {
+ if (!$merge_base_id) {
$output = __("Cannot find package to merge votes and comments into.");
$ret = false;
+ } elseif (in_array($merge_base_id, $ids)) {
+ $output = __("Cannot merge a package base with itself.");
+ $ret = false;
+ } else {
+ list($ret, $output) = pkgbase_delete($ids, $merge_base_id, $via);
+ unset($_GET['ID']);
}
}
}
diff --git a/web/lib/pkgreqfuncs.inc.php b/web/lib/pkgreqfuncs.inc.php
index 41d1515..8fba838 100644
--- a/web/lib/pkgreqfuncs.inc.php
+++ b/web/lib/pkgreqfuncs.inc.php
@@ -110,6 +110,10 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
$base_id = intval($ids[0]);
$pkgbase_name = pkgbase_name_from_id($base_id);
+ if ($merge_into == $pkgbase_name) {
+ return array(false, __("Cannot merge a package base with itself."));
+ }
+
$q = "SELECT ID FROM RequestTypes WHERE Name = " . $dbh->quote($type);
$result = $dbh->query($q);
if ($row = $result->fetch(PDO::FETCH_ASSOC)) {