[aur-dev] [PATCH 4/4] Check permissions when uploading source packages

Lukas Fleischer archlinux at cryptocrack.de
Tue May 6 15:28:58 EDT 2014


All files contained in the source tarball must have permissions of 644
or 755. All directories must have permissions of 755.

Implements FS#27754.

Signed-off-by: Lukas Fleischer <archlinux at cryptocrack.de>
---
 web/html/pkgsubmit.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index 51d0203..f07580b 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -90,6 +90,9 @@ if ($uid):
 					if (strchr($tar_file['filename'], '/') === false) {
 						$error = __("Error - source tarball may not contain files outside a directory.");
 						break;
+					} elseif ($tar_file['mode'] != 0644 && $tar_file['mode'] != 0755) {
+						$error = __("Error - all files must have permissions of 644 or 755.");
+						break;
 					} elseif (substr($tar_file['filename'], -9) == '/PKGBUILD') {
 						$pkgbuild_raw = $tar->extractInString($tar_file['filename']);
 					} elseif (substr($tar_file['filename'], -9) == '/.AURINFO') {
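Review bot: In the added `elseif` that compares `$tar_file['mode']` with `0644` and `0755`, the loose `!=` against octal literals is only correct if `mode` arrives as an integer holding nothing but the permission bits, and nothing in this hunk establishes that. If the tar reader hands back a string such as "644", or an integer that also carries file-type bits, every entry would fail the comparison and every upload would be rejected. Consider normalising the value once (explicit integer conversion, then a mask of `07777`) and comparing with `!==`; keeping the special bits inside the mask means setuid, setgid and sticky entries are still refused.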
@@ -102,6 +105,9 @@ if ($uid):
 					} elseif (++$dircount > 1) {
 						$error = __("Error - source tarball may not contain more than one directory.");
 						break;
+					} elseif ($tar_file['mode'] != 0755) {
+						$error = __("Error - all directories must have permissions of 755.");
+						break;
 					}
 				}
 			}
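Review bot: The message added in the directory branch does not say which mode was found, so an uploader whose tarball fails this check only learns that something is not 755. Because the branch follows `++$dircount > 1` in the same chain, it only ever fires for the single allowed directory, so including the entry name and the observed mode (formatted in octal) in the error would make the rejection actionable. The same applies to the file message in the first hunk, and the `0644`/`0755` literals are now repeated across both hunks and could be defined in one place.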
-- 
1.9.2


