From 8921e4deb946967b7cdd4007ab7e989f7b31573a Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Sat, 5 Apr 2014 02:40:16 +0200
Subject: Do not allow for overwriting arbitrary packages

A package should only be overwritten if it already belongs to the
package base that is trying to overwrite it.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/lib/aur.inc.php | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'web/lib/aur.inc.php')

diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index e786e50..16aa261 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -312,6 +312,25 @@ function can_submit_pkgbase($name="", $sid="") {
 	return 0;
 }
 
+/**
+ * Determine if a package can be overwritten by some package base
+ *
+ * @param string $name Name of the package to be submitted
+ * @param int $base_id The ID of the package base
+ *
+ * @return bool True if the package can be overwritten, false if not
+ */
+function can_submit_pkg($name, $base_id) {
+	$dbh = DB::connect();
+	$q = "SELECT COUNT(*) FROM Packages WHERE ";
+	$q.= "Name = " . $dbh->quote($name) . " AND ";
+	$q.= "PackageBaseID <> " . intval($base_id);
+	$result = $dbh->query($q);
+
+	if (!$result) return false;
+	return ($result->fetchColumn() == 0);
+}
+
 /**
  * Recursively delete a directory
  *
-- 
cgit v1.2.3-54-g00ecf