[aur-dev] [PATCH] Fix empty depends database insert

Lukas Fleischer archlinux at cryptocrack.de
Wed Jun 29 17:01:28 EDT 2011


On Wed, Jun 29, 2011 at 09:52:07PM +0200, Manuel Tortosa wrote:
> In pkgsubmit.php in this part:
> 
> foreach ($depends as $dep) {
> 	$deppkgname = preg_replace("/(<|<=|=|>=|>).*/", "", $dep);
> 	$depcondition = str_replace($deppkgname, "", $dep);
> 
> 	if ($deppkgname == "#") {
> 		break;
> 	}
> 
> 	$q = sprintf("INSERT INTO PackageDepends (PackageID, DepName, DepCondition) VALUES (%d, '%s', '%s')",
> 	$packageID,
> 	mysql_real_escape_string($deppkgname),
> 	mysql_real_escape_string($depcondition));
> 
> 	db_query($q, $dbh);
> }
> 
> This will pass through the loop at least once in case of pkgdesc=(), adding an 
> empty pkgdepends entry to the database. 
> 
> Easy to avoid by the fact $depends = explode(" ", $new_pkgbuild['depends']);
> returns false.
> 
> Best Regards.

> From 7a68ad7dd2d08f14079cbdcd1dd6e4808209b350 Mon Sep 17 00:00:00 2001
> From: Manuel <manutortosa at chakra-project.org>
> Date: Wed, 29 Jun 2011 21:42:55 +0200
> Subject: [PATCH] Fix empty database insert in case of depends=() in
>  pkgsubmit.php
> 
> 
> Signed-off-by: Manuel <manutortosa at chakra-project.org>
> ---
>  web/html/pkgsubmit.php |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
> index fd51c7e..e3803e0 100644
> --- a/web/html/pkgsubmit.php
> +++ b/web/html/pkgsubmit.php
> @@ -369,6 +369,10 @@ if ($uid):
>  					break;
>  				}
>  
> +				if ($deppkgname == false) {
> +					break;
> +				}
> +

I'd prefer to do this check before entering the actual iteration - maybe
even before using explode() to split the string.

Good catch tho!

>  				$q = sprintf("INSERT INTO PackageDepends (PackageID, DepName, DepCondition) VALUES (%d, '%s', '%s')",
>  					$packageID,
>  					mysql_real_escape_string($deppkgname),
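
Review bot: in the added `if ($deppkgname == false)` block, `break` ends the whole foreach at the first empty name, so any dependency that follows an empty token is never inserted, and the loose `== false` comparison also matches a dependency named "0". Use `continue` with a strict test such as `$deppkgname === ""` so that only the empty entry is skipped. The new check also carries no comment; one line saying it guards against an empty depends=() array would make its purpose clear next to the existing "#" check.
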
> -- 
> 1.7.5.3
> 


