[aur-dev] [PATCH] aurjson: Do not interpret hexadecimal strings as IDs
When performing info or multiinfo queries, one can either pass package names or package IDs as parameters. Currently, strings like "0xdbe" are parsed as package IDs which is not what we want. Change the parser such that only strings matching [0-9]+ are treated as IDs. Fixes FS#47324. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org> --- web/lib/aurjson.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 9097035..09368df 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -346,7 +346,7 @@ class AurJSON { if (!$arg) { continue; } - if (is_numeric($arg)) { + if (ctype_digit($arg)) { $id_args[] = intval($arg); } else { $name_args[] = $this->dbh->quote($arg); @@ -405,7 +405,7 @@ class AurJSON { */ private function info($http_data) { $pqdata = $http_data['arg']; - if (is_numeric($pqdata)) { + if (ctype_digit($pqdata)) { $where_condition = "Packages.ID = $pqdata"; } else { $where_condition = "Packages.Name = " . $this->dbh->quote($pqdata); -- 2.6.4
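Review bot: In the multiinfo hunk (@@ -346), `ctype_digit($arg)` accepts a digit string of any length, but the following `intval($arg)` clamps anything beyond PHP_INT_MAX, so an oversized argument silently becomes a different ID instead of being rejected. Consider bounding the length in the same check, for example `preg_match('/^[0-9]{1,10}$/', $arg)`, and treating anything longer as a name or an error. Note also that `ctype_digit()` returns false for non-string input, so any non-string value falls through to the `$this->dbh->quote($arg)` branch; an explicit `is_string($arg)` guard before the check would make that path intentional.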
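Review bot: In the info hunk (@@ -405), `$pqdata` is still interpolated into the query as a raw string in `"Packages.ID = $pqdata"`, so the digits-only check is the only thing separating the request parameter from the SQL text. Cast it the way the multiinfo hunk does, e.g. `"Packages.ID = " . intval($pqdata)`, or bind it as a query parameter, so both code paths handle IDs consistently and a later change to the condition cannot reintroduce unquoted input.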
On Sat, 12 Dec 2015 at 18:38:01, Lukas Fleischer wrote:
When performing info or multiinfo queries, one can either pass package names or package IDs as parameters. Currently, strings like "0xdbe" are parsed as package IDs which is not what we want. Change the parser such that only strings matching [0-9]+ are treated as IDs.
Fixes FS#47324.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org> --- web/lib/aurjson.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) [...]
Dave and I just discussed this patch on IRC. I will drop this from pu and replace it with another patch that removes the possibility to search by package IDs altogether.