From 8921e4deb946967b7cdd4007ab7e989f7b31573a Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Sat, 5 Apr 2014 02:40:16 +0200 Subject: Do not allow for overwriting arbitrary packages A package should only be overwritten if it already belongs to the package base that is trying to overwrite it. Signed-off-by: Lukas Fleischer --- web/lib/aur.inc.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'web/lib/aur.inc.php') diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index e786e50..16aa261 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -312,6 +312,25 @@ function can_submit_pkgbase($name="", $sid="") { return 0; } +/** + * Determine if a package can be overwritten by some package base + * + * @param string $name Name of the package to be submitted + * @param int $base_id The ID of the package base + * + * @return bool True if the package can be overwritten, false if not + */ +function can_submit_pkg($name, $base_id) { + $dbh = DB::connect(); + $q = "SELECT COUNT(*) FROM Packages WHERE "; + $q.= "Name = " . $dbh->quote($name) . " AND "; + $q.= "PackageBaseID <> " . intval($base_id); + $result = $dbh->query($q); + + if (!$result) return false; + return ($result->fetchColumn() == 0); +} + /** * Recursively delete a directory * -- cgit v1.2.3-70-g09d2
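Review bot: The closing `return ($result->fetchColumn() == 0);` in can_submit_pkg fails open, because `fetchColumn()` returns `false` when no row can be fetched and `false == 0` is true in PHP, so a fetch error would read as "no other package base owns this name" and the overwrite would be permitted. Since this is the ownership check the commit introduces, I would make it strict and fail closed like the `if (!$result) return false;` line above it: `$count = $result->fetchColumn();` followed by `return ($count !== false && intval($count) === 0);`. The check is also only as strong as its caller, which is outside this hunk: if the count and the later write do not run in the same transaction, two concurrent submissions could both pass it, so a transaction around both or a uniqueness constraint on the package name is worth confirming.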