Skip to content
  • Lukas Fleischer's avatar
    web/html/pkgsubmit.php: Revamp tarball validation · 1f36664e
    Lukas Fleischer authored
    
    
    * Reorder checks.
    * Use simple string functions instead of regular expressions.
    * Check for type flags before validating paths.
    
    The latter ensures we don't treat tarball keywords/flags as directories.
    This avoids problems with bsdtar inserting PaxHeader attributes into the
    archive which look something like the following to Archive_Tar:
    
        PaxHeader/xcursor-protozoa
        xcursor-protozoa/
        xcursor-protozoa/PaxHeader/PKGBUILD
        xcursor-protozoa/PKGBUILD
    
    This only occurs on certain filesystems (e.g. jfs), but the tarball is
    by no means invalid. When extracted, it will only contain the PKGBUILD
    within a single subdirectory.
    
    Addresses FS#28802.
    
    Thanks-to: Dave Reisner <dreisner@archlinux.org>
    Signed-off-by: default avatarLukas Fleischer <archlinux@cryptocrack.de>
    1f36664e