Merge branch 'maint'

author: Lukas Fleischer <archlinux@cryptocrack.de> 2011-09-05 17:09:03 +0200
committer: Lukas Fleischer <archlinux@cryptocrack.de> 2011-09-05 17:09:03 +0200
commit: 675b7e3d02033c469df7720105b9b8bef9aedb1d (patch)
tree: d26bd979e66d9c620adb1077922834448b740fba /web
parent: e411ef1d809a98d14b494afdfc47b07962770684 (diff)
parent: e1687f18302a49b5d1b57aceb703fffe09c76375 (diff)
download: aurweb-675b7e3d02033c469df7720105b9b8bef9aedb1d.tar.xz
2 files changed, 18 insertions, 6 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index a5cc0c0..36f74bf 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -311,6 +311,18 @@ if ($uid):
 				$pkg_version = sprintf('%s-%s', $new_pkgbuild['pkgver'], $new_pkgbuild['pkgrel']);
 			}
 
+			# Check the category to use, "1" meaning "none" (or "keep category" for
+			# existing packages).
+			if (isset($_POST['category'])) {
+				$category_id = intval($_POST['category']);
+				if ($category_id <= 0) {
+					$category_id = 1;
+				}
+			}
+			else {
+				$category_id = 1;
+			}
+
 			if ($pdata) {
 				# This is an overwrite of an existing package, the database ID
 				# needs to be preserved so that any votes are retained. However,
@@ -324,9 +336,9 @@ if ($uid):
 				db_query($q, $dbh);
 
 				# If a new category was chosen, change it to that
-				if ($_POST['category'] > 1) {
+				if ($category_id > 1) {
 					$q = sprintf( "UPDATE Packages SET CategoryID = %d WHERE ID = %d",
-						mysql_real_escape_string($_REQUEST['category']),
+						$category_id,
 						$packageID);
 
 					db_query($q, $dbh);
@@ -350,7 +362,7 @@ if ($uid):
 					mysql_real_escape_string($new_pkgbuild['pkgname']),
 					mysql_real_escape_string($new_pkgbuild['license']),
 					mysql_real_escape_string($pkg_version),
-					mysql_real_escape_string($_REQUEST['category']),
+					$category_id,
 					mysql_real_escape_string($new_pkgbuild['pkgdesc']),
 					mysql_real_escape_string($new_pkgbuild['url']),
 					$uid,
diff --git a/web/template/login_form.php b/web/template/login_form.php
index b351a27..c27e9ba 100644
--- a/web/template/login_form.php
+++ b/web/template/login_form.php
@@ -11,7 +11,7 @@ elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']))
 		print "<span class='error'>" . $login_error . "</span><br />\n";
 	}
 ?>
-<form method="post" action="<?php echo $_SERVER['REQUEST_URI'] ?>">
+<form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) ?>">
 	<div>
 	<label for="user"><?php print __('Username') . ':'; ?></label>
 	<input type="text" name="user" id="user" size="30" maxlength="<?php print USERNAME_MAX_LEN; ?>" value="<?php
@@ -31,8 +31,8 @@ elseif (!$DISABLE_HTTP_LOGIN || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']))
 else {
 ?>
 <span class='error'>
-	<?php echo __("HTTP login is disabled. Please switch to HTTPs if you want to login: "); ?>
-	<a href="https://aur.archlinux.org/">https://aur.archlinux.org/</a>
+	<?php printf(__("HTTP login is disabled. Please %sswitch to HTTPs%s if you want to login."),
+		'<a href="https://aur.archlinux.org' . htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) . '">', '</a>'); ?>
 </span>
 <?php } ?>
 </div>
author	Lukas Fleischer <archlinux@cryptocrack.de>	2011-09-05 17:09:03 +0200
committer	Lukas Fleischer <archlinux@cryptocrack.de>	2011-09-05 17:09:03 +0200
commit	675b7e3d02033c469df7720105b9b8bef9aedb1d (patch)
tree	d26bd979e66d9c620adb1077922834448b740fba /web
parent	e411ef1d809a98d14b494afdfc47b07962770684 (diff)
parent	e1687f18302a49b5d1b57aceb703fffe09c76375 (diff)
download	aurweb-675b7e3d02033c469df7720105b9b8bef9aedb1d.tar.xz