In pkgsubmit.php in this part:
foreach ($depends as $dep) {
$deppkgname = preg_replace("/(<|<=|=|>=|>).*/", "", $dep);
$depcondition = str_replace($deppkgname, "", $dep);
if ($deppkgname == "#") {
break;
}
$q = sprintf("INSERT INTO PackageDepends (PackageID, DepName,
DepCondition) VALUES (%d, '%s', '%s')",
$packageID,
mysql_real_escape_string($deppkgname),
mysql_real_escape_string($depcondition));
db_query($q, $dbh);
}
This will pass through the loop at least once in case of pkgdesc=(), adding an
empty pkgdepends entry to the database.
Easy to avoid by the fact $depends = explode(" ", $new_pkgbuild['depends']);
returns false.
Best Regards.
>From 7a68ad7dd2d08f14079cbdcd1dd6e4808209b350 Mon Sep 17 00:00:00 2001
From: Manuel <[email protected]>
Date: Wed, 29 Jun 2011 21:42:55 +0200
Subject: [PATCH] Fix empty database insert in case of depends=() in
pkgsubmit.php
Signed-off-by: Manuel <[email protected]>
---
web/html/pkgsubmit.php | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index fd51c7e..e3803e0 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -369,6 +369,10 @@ if ($uid):
break;
}
+ if ($deppkgname == false) {
+ break;
+ }
+
$q = sprintf("INSERT INTO PackageDepends (PackageID, DepName, DepCondition) VALUES (%d, '%s', '%s')",
$packageID,
mysql_real_escape_string($deppkgname),
--
1.7.5.3
