[aur-dev] [PATCH] Sanitize input of package functions in pkg_funcs.inc
Callan Barrett
wizzomafizzo at gmail.com
Sat Oct 4 17:25:31 EDT 2008
Signed-off-by: Callan Barrett <wizzomafizzo at gmail.com>
---
web/lib/pkgfuncs.inc | 32 ++++++++++++++++++++++++++++++++
1 files changed, 32 insertions(+), 0 deletions(-)
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index 06171fa..27b623a 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -1086,6 +1086,12 @@ function pkg_delete ($atype, $ids) {
return __("You did not select any packages to delete.");
}
+ foreach ($ids as $pid) {
+ if (!is_numeric($pid)) {
+ return __("You did not select any packages to delete.");
+ }
+ }
+
# Delete the packages in $ids array (but only if they are Unsupported)
#
$dbh = db_connect();
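Review bot: `is_numeric($pid)` on the second added line is a loose filter for a package ID: it accepts signed, fractional, exponent and whitespace-padded forms (`'1e3'`, `' 12'`, `'-1'`, `'1.5'`, and hex strings on PHP before 7.0), so values that are not a valid ID still pass. If the later query builds its `WHERE` clause from `$ids` (the body of pkg_delete continues past the hunk), prefer an integer-only check such as `if (!ctype_digit((string) $pid)) {`, or normalise first with `$ids = array_map('intval', $ids);` and reject any element that became 0. The same loop with the same filter is added to pkg_adopt in the next hunk. Returning the "did not select any packages" string for a malformed ID also hides what was rejected; a distinct message would make the response easier to interpret.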
@@ -1175,6 +1181,16 @@ function pkg_adopt ($atype, $ids, $action = True) {
return __("You did not select any packages to disown.");
}
}
+
+ foreach ($ids as $pid) {
+ if (!is_numeric($pid)) {
+ if ($action) {
+ return __("You did not select any packages to adopt.");
+ } else {
+ return __("You did not select any packages to disown.");
+ }
+ }
+ }
$dbh = db_connect();
@@ -1242,6 +1258,16 @@ function pkg_vote ($atype, $ids, $action = True) {
return __("Your votes have been removed from the selected packages.");
}
}
+
+ foreach ($ids as $pid) {
+ if (!is_numeric($ids)) {
+ if ($action) {
+ return __("You did not select any packages to vote for.");
+ } else {
+ return __("Your votes have been removed from the selected packages.");
+ }
+ }
+ }
$dbh = db_connect();
$my_votes = pkgvotes_from_sid($_COOKIE["AURSID"]);
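Review bot: The check on the second added line tests the array, `is_numeric($ids)`, instead of the loop variable, so it is false for every element and pkg_vote returns on the first iteration for all input — votes can never be cast or removed through this path, and the unvote branch reports "Your votes have been removed" without touching the database. Change it to `if (!is_numeric($pid)) {`. The same slip is in the pkg_notify hunk below (`is_numeric($ids)` on its second added line), which would make every notification request fail with "Couldn't add to notification list.". pkg_vote's body continues past the hunk.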
@@ -1320,6 +1346,12 @@ function pkg_notify ($atype, $ids) {
return __("Couldn't add to notification list.");
}
+ foreach ($ids as $pid) {
+ if (!is_numeric($ids)) {
+ return __("Couldn't add to notification list.");
+ }
+ }
+
$dbh = db_connect();
$uid = uid_from_sid($_COOKIE["AURSID"]);
--
1.6.0.2