[aur-dev] [PATCH] Fix empty depends database insert
In pkgsubmit.php in this part:

    foreach ($depends as $dep) {
        $deppkgname = preg_replace("/(<|<=|=|>=|>).*/", "", $dep);
        $depcondition = str_replace($deppkgname, "", $dep);

        if ($deppkgname == "#") {
            break;
        }

        $q = sprintf("INSERT INTO PackageDepends (PackageID, DepName, DepCondition) VALUES (%d, '%s', '%s')",
            $packageID,
            mysql_real_escape_string($deppkgname),
            mysql_real_escape_string($depcondition));

        db_query($q, $dbh);
    }

This will pass through the loop at least once in case of pkgdesc=(), adding an empty pkgdepends entry to the database.

Easy to avoid by the fact $depends = explode(" ", $new_pkgbuild['depends']); returns false.

Best Regards.

On Wed, Jun 29, 2011 at 09:52:07PM +0200, Manuel Tortosa wrote:
In pkgsubmit.php in this part:
    foreach ($depends as $dep) {
        $deppkgname = preg_replace("/(<|<=|=|>=|>).*/", "", $dep);
        $depcondition = str_replace($deppkgname, "", $dep);

        if ($deppkgname == "#") {
            break;
        }

        $q = sprintf("INSERT INTO PackageDepends (PackageID, DepName, DepCondition) VALUES (%d, '%s', '%s')",
            $packageID,
            mysql_real_escape_string($deppkgname),
            mysql_real_escape_string($depcondition));

        db_query($q, $dbh);
    }
This will pass through the loop at least once in case of pkgdesc=(), adding an empty pkgdepends entry to the database.
Easy to avoid by the fact $depends = explode(" ", $new_pkgbuild['depends']); returns false.
Best Regards.
From 7a68ad7dd2d08f14079cbdcd1dd6e4808209b350 Mon Sep 17 00:00:00 2001
From: Manuel <manutortosa@chakra-project.org>
Date: Wed, 29 Jun 2011 21:42:55 +0200
Subject: [PATCH] Fix empty database insert in case of depends=() in pkgsubmit.php

Signed-off-by: Manuel <manutortosa@chakra-project.org>
---
 web/html/pkgsubmit.php | 4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index fd51c7e..e3803e0 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -369,6 +369,10 @@ if ($uid): break; }
+ if ($deppkgname == false) { + break; + } +
I'd prefer to do this check before entering the actual iteration - maybe even before using explode() to split the string. Good catch tho!
$q = sprintf("INSERT INTO PackageDepends (PackageID, DepName, DepCondition) VALUES (%d, '%s', '%s')", $packageID, mysql_real_escape_string($deppkgname), -- 1.7.5.3
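Review bot: The added `if ($deppkgname == false) { break; }` combines a loose comparison with `break`, which is broader than the empty-`depends` case it targets. With `==`, a token of "0" also compares equal to false, and because the list comes from `explode(" ", ...)`, an empty token in the middle of the string (two consecutive spaces, for instance) ends the loop and silently drops every dependency after it. A strict test such as `$deppkgname === ""` with `continue` would skip only the empty token; alternatively, skip the loop altogether when `$new_pkgbuild['depends']` is empty, so no per-iteration check is needed.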