When performing info or multiinfo queries, one can currently either pass package names or package IDs as parameters. As a consequence, it is impossible to search for packages with a numeric package name because numeric arguments are always treated as IDs. Since package IDs are not public anymore these days, simply remove the possibility to search by ID in revision 5 of the RPC interface. Fixes FS#47324. Suggested-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org> --- web/lib/aurjson.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 9097035..51a7c64 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -346,7 +346,7 @@ class AurJSON { if (!$arg) { continue; } - if (is_numeric($arg)) { + if ($this->version < 5 && is_numeric($arg)) { $id_args[] = intval($arg); } else { $name_args[] = $this->dbh->quote($arg); @@ -405,7 +405,7 @@ class AurJSON { */ private function info($http_data) { $pqdata = $http_data['arg']; - if (is_numeric($pqdata)) { + if ($this->version < 5 && is_numeric($pqdata)) { $where_condition = "Packages.ID = $pqdata"; } else { $where_condition = "Packages.Name = " . $this->dbh->quote($pqdata); -- 2.6.4