A package should only be overwritten if it already belongs to the
package base that is trying to overwrite it.

Signed-off-by: Lukas Fleischer <[email protected]>
---
 web/html/pkgsubmit.php | 44 +++++++++++++++++++++++---------------------
 web/lib/aur.inc.php    | 19 +++++++++++++++++++
 2 files changed, 42 insertions(+), 21 deletions(-)

diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index 13a67d8..cf5e03b 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -410,33 +410,35 @@ if ($uid):
                }
 
                /* Upload PKGBUILD and tarball. */
-               if (!$error) {
-                       /*
-                        * First, check whether this package already exists and
-                        * whether it can be overwritten.
-                        */
-                       if (can_submit_pkgbase($pkgbase_name, 
$_COOKIE["AURSID"])) {
-                               if (file_exists($incoming_pkgdir)) {
-                                       /*
-                                        * Blow away the existing directory and
-                                        * its contents.
-                                        */
-                                       rm_tree($incoming_pkgdir);
-                               }
+               if (!$error && !can_submit_pkgbase($pkgbase_name, 
$_COOKIE["AURSID"])) {
+                       $error = __( "You are not allowed to overwrite the 
%s%s%s package.", "<strong>", $pkgbase_name, "</strong>");
+               }
 
-                               /*
-                                * The mode is masked by the current umask, so
-                                * not as scary as it looks.
-                                */
-                               if (!mkdir($incoming_pkgdir, 0777, true)) {
-                                       $error = __( "Could not create 
directory %s.", $incoming_pkgdir);
+               if (!$error) {
+                       foreach ($pkginfo as $pi) {
+                               if (!can_submit_pkg($pi['pkgname'], $base_id)) {
+                                       $error = __( "You are not allowed to 
overwrite the %s%s%s package.", "<strong>", $pi['pkgname'], "</strong>");
+                                       break;
                                }
-                       } else {
-                               $error = __( "You are not allowed to overwrite 
the %s%s%s package.", "<strong>", $pkg_name, "</strong>");
                        }
                }
 
                if (!$error) {
+                       /*
+                        * Blow away the existing directory and its contents.
+                        */
+                       if (file_exists($incoming_pkgdir)) {
+                               rm_tree($incoming_pkgdir);
+                       }
+
+                       /*
+                        * The mode is masked by the current umask, so not as
+                        * scary as it looks.
+                        */
+                       if (!mkdir($incoming_pkgdir, 0777, true)) {
+                               $error = __( "Could not create directory %s.", 
$incoming_pkgdir);
+                       }
+
                        if (!chdir($incoming_pkgdir)) {
                                $error = __("Could not change directory to 
%s.", $incoming_pkgdir);
                        }
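Review bot: A failed `mkdir()` no longer stops the upload path. The new `if (!$error)` block sets `$error` from `mkdir()` and then runs `chdir($incoming_pkgdir)` unconditionally, so the "Could not create directory" message is overwritten by the chdir one; before this change the two calls sat in separate `!$error` blocks. Chaining them, `} elseif (!chdir($incoming_pkgdir)) {`, keeps the first failure, and the same block also ignores the result of `rm_tree()`. Separately, `$pi['pkgname']` comes from the uploaded package metadata and is placed between literal `<strong>` tags in the error string. Unless names are already restricted to a safe character set earlier in the script (not visible in this hunk), it should pass through `htmlspecialchars()` before being interpolated. The enclosing `if ($uid):` block starts and ends outside the hunk.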
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index e786e50..16aa261 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -313,6 +313,25 @@ function can_submit_pkgbase($name="", $sid="") {
 }
 
 /**
+ * Determine if a package can be overwritten by some package base
+ *
+ * @param string $name Name of the package to be submitted
+ * @param int $base_id The ID of the package base
+ *
+ * @return bool True if the package can be overwritten, false if not
+ */
+function can_submit_pkg($name, $base_id) {
+       $dbh = DB::connect();
+       $q = "SELECT COUNT(*) FROM Packages WHERE ";
+       $q.= "Name = " . $dbh->quote($name) . " AND ";
+       $q.= "PackageBaseID <> " . intval($base_id);
+       $result = $dbh->query($q);
+
+       if (!$result) return false;
+       return ($result->fetchColumn() == 0);
+}
+
+/**
  * Recursively delete a directory
  *
  * @param string $dirname Name of the directory to be removed
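Review bot: `can_submit_pkg()` returns false both when another package base owns the name and when the query itself fails, so a database error reaches the submitter as "You are not allowed to overwrite …". Failing closed is the right default for an ownership check, but the docblock should say so, e.g. `@return bool True if no other package base owns the name; false if one does or the lookup fails`. It should also note that a name with no existing row counts as submittable. The check is only as strong as what happens between it and the later write. Unless both run in one transaction or `Packages.Name` carries a unique constraint (the schema is not visible here), two concurrent submissions could both pass it.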
-- 
1.9.1
