summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2011-03-30 20:26:13 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2011-03-30 20:49:21 +0200
commita427bd72a7e3d2c74fbe66317c88e44df4b7bc3a (patch)
treeeb06b4e2ba2aadba72bcd1fc362816f4108d2491 /web
parent0a625ae8ff737f471ee4e29853ba57db20352b1a (diff)
downloadaurweb-a427bd72a7e3d2c74fbe66317c88e44df4b7bc3a.tar.xz
Be more restrictive with source tarball contents.
Reject tarballs containing more than one directory or files outside a directory. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r--web/html/pkgsubmit.php15
1 files changed, 13 insertions, 2 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index 954f1ce..05cc866 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -59,17 +59,28 @@ if ($_COOKIE["AURSID"]):
# Extract PKGBUILD into a string
$pkgbuild_raw = '';
+ $dircount = 0;
foreach ($tar->listContent() as $tar_file) {
if (preg_match('/^[^\/]+\/PKGBUILD$/', $tar_file['filename'])) {
$pkgbuild_raw = $tar->extractInString($tar_file['filename']);
+ }
+ elseif (preg_match('/^[^\/]+\/$/', $tar_file['filename'])) {
+ if (++$dircount > 1) {
+ $error = __("Error - source tarball may not contain more than one directory.");
+ break;
+ }
+ }
+ elseif (preg_match('/^[^\/]+$/', $tar_file['filename'])) {
+ $error = __("Error - source tarball may not contain files outside a directory.");
break;
}
elseif (preg_match('/^[^\/]+\/[^\/]+\//', $tar_file['filename'])) {
- $error = __("Error - source tarball may not contain subdirectories.");
+ $error = __("Error - source tarball may not contain nested subdirectories.");
+ break;
}
}
- if (empty($pkgbuild_raw)) {
+ if (!$error && empty($pkgbuild_raw)) {
$error = __("Error trying to unpack upload - PKGBUILD does not exist.");
}
}