Prevent merging a package base with itself

Instead of deleting the package, show an error message if a user tries
to merge a package base with itself.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

2 files changed, 11 insertions, 4 deletions

diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index 4f35a67..691639c 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -69,12 +69,15 @@ if (check_token()) {
 			}
 			else {
 				$merge_base_id = pkgbase_from_name($_POST['merge_Into']);
-				if ($merge_base_id) {
-					list($ret, $output) = pkgbase_delete($ids, $merge_base_id, $via);
-					unset($_GET['ID']);
-				} else {
+				if (!$merge_base_id) {
 					$output = __("Cannot find package to merge votes and comments into.");
 					$ret = false;
+				} elseif (in_array($merge_base_id, $ids)) {
+					$output = __("Cannot merge a package base with itself.");
+					$ret = false;
+				} else {
+					list($ret, $output) = pkgbase_delete($ids, $merge_base_id, $via);
+					unset($_GET['ID']);
 				}
 			}
 		}
diff --git a/web/lib/pkgreqfuncs.inc.php b/web/lib/pkgreqfuncs.inc.php
index 41d1515..8fba838 100644
--- a/web/lib/pkgreqfuncs.inc.php
+++ b/web/lib/pkgreqfuncs.inc.php
@@ -110,6 +110,10 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
 	$base_id = intval($ids[0]);
 	$pkgbase_name = pkgbase_name_from_id($base_id);
 
+	if ($merge_into == $pkgbase_name) {
+		return array(false, __("Cannot merge a package base with itself."));
+	}
+
 	$q = "SELECT ID FROM RequestTypes WHERE Name = " . $dbh->quote($type);
 	$result = $dbh->query($q);
 	if ($row = $result->fetch(PDO::FETCH_ASSOC)) {