Commit 06b70993 authored by Lukas Fleischer's avatar Lukas Fleischer
Browse files

Validate package base name when filing requests



Make sure that the package base to merge into does not contain any
invalid characters.

Signed-off-by: default avatarLukas Fleischer <archlinux@cryptocrack.de>
parent e141c6c3
......@@ -97,7 +97,12 @@ if (check_token()) {
} elseif (current_action("do_ChangeCategory")) {
list($ret, $output) = pkgbase_change_category($base_id, $atype);
} elseif (current_action("do_FileRequest")) {
list($ret, $output) = pkgreq_file($ids, $_POST['type'], $_POST['merge_into'], $_POST['comments']);
if (empty($_POST['merge_into']) || preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $_POST['merge_into'])) {
list($ret, $output) = pkgreq_file($ids, $_POST['type'], $_POST['merge_into'], $_POST['comments']);
} else {
$output = __("Invalid name: only lowercase letters are allowed.");
$ret = false;
}
} elseif (current_action("do_CloseRequest")) {
list($ret, $output) = pkgreq_close($_POST['reqid'], false);
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment