From ed1e747847ce6e5f9928505e7fc6630779d91f85 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Wed, 23 Jul 2014 15:11:59 +0200 Subject: Verify that the target of merge operations exists Make sure that the target of a merge operation is either empty or an existing package base name. Signed-off-by: Lukas Fleischer --- web/lib/pkgreqfuncs.inc.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'web/lib') diff --git a/web/lib/pkgreqfuncs.inc.php b/web/lib/pkgreqfuncs.inc.php index 5b86eaa..41d1515 100644 --- a/web/lib/pkgreqfuncs.inc.php +++ b/web/lib/pkgreqfuncs.inc.php @@ -95,6 +95,10 @@ function pkgreq_file($ids, $type, $merge_into, $comments) { return array(false, __("Invalid name: only lowercase letters are allowed.")); } + if (!empty($merge_into) && !pkgbase_from_name($merge_into)) { + return array(false, __("Cannot find package to merge votes and comments into.")); + } + if (empty($comments)) { return array(false, __("The comment field must not be empty.")); } -- cgit v1.2.3-54-g00ecf