From b69f548065e78d14afcdc91548d73539762f8d93 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer
Date: Wed, 2 Feb 2011 18:03:09 +0100
Subject: Add a package name blacklist.

Can be used to blacklist package names for normal users. TUs and developers are not affected. This is especially useful if used together with a cron job that updates the blacklist periodically, e.g. to reject packages which are available in the binary repos (FS#12902).

Signed-off-by: Lukas Fleischer
---
 UPGRADING | 6 ++++++
 support/schema/aur-schema.sql | 9 +++++++++
 web/html/pkgsubmit.php | 9 +++++++++
 web/lib/pkgfuncs.inc | 23 +++++++++++++++++++++++
 4 files changed, 47 insertions(+)

diff --git a/UPGRADING b/UPGRADING
index c649985..c5da23a 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -27,6 +27,12 @@ ALTER TABLE PackageSources MODIFY Source VARCHAR(255) NOT NULL DEFAULT "/dev/null"; ALTER TABLE TU_VoteInfo MODIFY User VARCHAR(32) collate latin1_general_ci NOT NULL;
+CREATE TABLE PackageBlacklist (
+ ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
+ Name CHAR(64) NOT NULL,
+ PRIMARY KEY (ID),
+ UNIQUE (Name)
+);
 ----
 2. Drop all fulltext indexes from the "Packages" table:
diff --git a/support/schema/aur-schema.sql b/support/schema/aur-schema.sql
index d37e1b2..dbfc87e 100644
--- a/support/schema/aur-schema.sql
+++ b/support/schema/aur-schema.sql
@@ -177,6 +177,15 @@ CREATE TABLE CommentNotify (
 );
 CREATE UNIQUE INDEX NotifyUserIDPkgID ON CommentNotify (UserID, PkgID);
+-- Package name blacklist
+--
+CREATE TABLE PackageBlacklist (
+ ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
+ Name CHAR(64) NOT NULL,
+ PRIMARY KEY (ID),
+ UNIQUE (Name)
+);
+
 -- Vote information
 --
 CREATE TABLE IF NOT EXISTS TU_VoteInfo (
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index 2b11b7b..9ef90a7 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -215,6 +215,15 @@ if ($_COOKIE["AURSID"]):
 $incoming_pkgdir = INCOMING_DIR . $pkg_name;
 }
+ if (!$error) {
+ # Check if package name is blacklisted.
+ if (pkgname_is_blacklisted($pkg_name)) {
+ if (!canSubmitBlacklisted(account_from_sid($_COOKIE["AURSID"]))) {
+ $error = __( "%s is on the package blacklist, please check if it's available in the official repos.", $pkg_name);
+ }
+ }
+ }
+
 if (!$error) {
 # First, see if this package already exists, and if it can be overwritten
 $pkg_exists = package_exists($pkg_name);
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index 28211f9..2f69321 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -64,6 +64,18 @@ function canManagePackage($uid=0,$AURMUID=0, $MUID=0, $SUID=0, $managed=0) {
 return 0;
 }
+# Check if the current user can submit blacklisted packages.
+#
+function canSubmitBlacklisted($atype = "") {
+ if ($atype == "Trusted User" || $atype == "Developer") {
+ # Only TUs/Devs can submit blacklisted packages.
+ return TRUE;
+ }
+ else {
+ return FALSE;
+ }
+}
+
 # grab the current list of PackageCategories
 #
 function pkgCategories() {
@@ -286,6 +298,17 @@ function pkgname_from_id($id="") {
 return $id;
 }
+# Check if a package name is blacklisted.
+#
+function pkgname_is_blacklisted($name) {
+ $dbh = db_connect();
+ $q = "SELECT COUNT(*) FROM PackageBlacklist WHERE Name = '" . mysql_real_escape_string($name) . "'";
+ $result = db_query($q, $dbh);
+
+ if (!$result) return false;
+ return (mysql_result($result, 0) > 0);
+}
+
 # display package details
 #
 function package_details($id=0, $SID="") {
-- 
cgit v1.2.3-70-g09d2
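Review bot: The `pkgname_is_blacklisted($pkg_name)` lookup in web/html/pkgsubmit.php is an exact string match whose case handling is left to the database, because the new `PackageBlacklist.Name` column is declared `CHAR(64) NOT NULL` with no collation in both schema hunks. Whether a name differing only in letter case matches a blacklist entry therefore depends on the server's default collation, which can differ between installations. Declaring it explicitly, as the neighbouring `TU_VoteInfo` statement in UPGRADING does with `collate latin1_general_ci`, would make the check behave the same everywhere; how `$pkg_name` is normalised before this point is outside the hunk. The two nested `if`s could also be a single condition, `if (pkgname_is_blacklisted($pkg_name) && !canSubmitBlacklisted(account_from_sid($_COOKIE["AURSID"]))) {`.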
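Review bot: `canSubmitBlacklisted()` in web/lib/pkgfuncs.inc compares `$atype` with `==`, and PHP's loose comparison treats some non-string values as equal to a non-numeric string such as "Trusted User" (`TRUE` in every PHP version, integer `0` before PHP 8). What `account_from_sid()` returns for an invalid or expired session is not visible in this patch, so if it can ever hand back a non-string the privilege check would pass. Strict comparison closes that off: `if ($atype === "Trusted User" || $atype === "Developer")`. The function could then return the boolean expression directly instead of branching to `TRUE`/`FALSE`.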
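Review bot: `pkgname_is_blacklisted()` fails open: `if (!$result) return false;` reports the name as not blacklisted whenever the query fails, for example if the `PackageBlacklist` table from the UPGRADING step was never created. Unless `db_query()` itself aborts on error (it is defined outside this patch), the restriction then silently stops applying. Failing closed with `if (!$result) return true;`, or at least recording the failure with `error_log()`, keeps a database problem from disabling the check unnoticed. Separately, `mysql_real_escape_string($name)` is called without a link argument, so it escapes against whichever connection was opened last; `mysql_real_escape_string($name, $dbh)` ties the escaping to the connection the query actually uses.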