Update of /cvsroot/fink/web/pdb
In directory sc8-pr-cvs17:/tmp/cvs-serv11274

Modified Files:
      Tag: redesign_pdb
        browse.php header.inc package.php 
Log Message:
- Check for invalid parameters and print a warning message, if invalid
- Link to correct version and release of split-offs and parent
  on package.php


Index: package.php
===================================================================
RCS file: /cvsroot/fink/web/pdb/package.php,v
retrieving revision 1.43.2.22
retrieving revision 1.43.2.23
diff -u -d -r1.43.2.22 -r1.43.2.23
--- package.php 11 Mar 2007 21:46:01 -0000      1.43.2.22
+++ package.php 28 Aug 2007 21:36:16 -0000      1.43.2.23
@@ -18,11 +18,11 @@
 
 
 // Get url parameters
-$version = get_safe_param('version', '/^[0-9\-.:]+$/');
-$distribution = get_safe_param('distribution', '/^[a-z0-9\-.]+$/');
-$release = get_safe_param('release', '/^[0-9.]{3,}$|^unstable$|^stable$/');
-$architecture = get_safe_param('architecture', '/^powerpc$|^i386$/');
-$rel_id = get_safe_param('rel_id', '/^[0-9]+$/');
+list($version, $inv_p) = get_safe_param('version', '/^[0-9\-.:]+$/');
+list($distribution, $inv_p) = get_safe_param('distribution', 
'/^[a-z0-9\-.]+$/');
+list($release, $inv_p) = get_safe_param('release', 
'/^[0-9.]{3,}$|^unstable$|^stable$/');
+list($architecture, $inv_p) = get_safe_param('architecture', 
'/^powerpc$|^i386$/');
+list($rel_id, $inv_p) = get_safe_param('rel_id', '/^[0-9]+$/');
 
 // TODO/FIXME: Do we really need all the params above? On the other hand --
 // if the user clicks on a specific package version, shouldn't we select
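Review bot: `$inv_p` is assigned by each of the five `list()` calls but never read afterwards, so every call overwrites the previous flag and package.php never reports an invalid parameter the way browse.php does in this same commit. If the warning is intended here as well, seed `$invalid_param = false;` before the first call and add `$invalid_param = $invalid_param || $inv_p;` after each one. If it is not, `list($version) = get_safe_param('version', '/^[0-9\-.:]+$/');` discards the second element explicitly and makes that intent visible.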
@@ -138,6 +138,22 @@
      $close_tag,
    );
  }
+ 
+ function link_to_package($package, $vers, $rel_id, $description='') {
+   $pkg_str = '<a href="'.$package;
+   if ($vers) {
+     $pkg_str .= '?version='.$vers;
+     if ($rel_id)
+       $pkg_str .= '&rel_id='.$rel_id;
+   }
+   elseif ($rel_id)
+     $pkg_str .= '?rel_id='.$rel_id;
+   $pkg_str .= '">'.$package.'</a> ';
+   if ($description)
+     $pkg_str .= htmlentities($description);
+   return $pkg_str;
+ }
+
 
  print '<table class="pkgversion" cellspacing="2" border="0">'."\n";
 
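Review bot: `link_to_package` writes `$package` into the `href` attribute and the link text with no escaping and joins the two query parameters with a bare `&`; in the later hunks `$package` comes from database rows (`parentname`, `name`), not from `get_safe_param`, so it is not covered by the URL-parameter regexps, and `&` inside an attribute should be `&amp;`. The helper also drops the `$pdbroot.'package.php/'` prefix the replaced links used, so the result is a relative link whose resolution depends on the request path — presumably intended, but worth a comment on the function. `$vers` and `$rel_id` are the regexp-checked URL parameters, so the remaining exposure is the DB-sourced name; escaping it and building the query string in one place covers both points.
```php
 function link_to_package($package, $vers, $rel_id, $description='') {
   $query = array();
   if ($vers)
     $query[] = 'version='.rawurlencode($vers);
   if ($rel_id)
     $query[] = 'rel_id='.rawurlencode($rel_id);
   $href = htmlspecialchars($package);
   if ($query)
     $href .= '?'.implode('&amp;', $query);
   $pkg_str = '<a href="'.$href.'">'.htmlspecialchars($package).'</a> ';
   // … unchanged: optional description and return …
```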
@@ -183,10 +199,10 @@
    
    while ($rel_row = mysql_fetch_array($qrel)) {
      $type = $rel_row['type'];
-     $version = $rel_row["version"]."-".$rel_row["revision"];
+     $rel_version = $rel_row["version"]."-".$rel_row["revision"];
      if($rel_row["epoch"] > 0)
-       $version = $rel_row["epoch"].":".$version;
-     $pkg_release[$type]["version"] = $version;
+       $rel_version = $rel_row["epoch"].":".$rel_version;
+     $pkg_release[$type]["version"] = $rel_version;
      $pkg_release[$type]["restrictive"] = 
(strcasecmp($rel_row["license"],'Restrictive')==0);
      $pkg_release[$type]["rel_id"] = $rel_row['rel_id'];
      $pkg_release[$type]["pkg_id"] = $rel_row['pkg_id'];
@@ -276,7 +292,7 @@
     it_item("License:", '<a 
href="http://fink.sourceforge.net/doc/packaging/policy.php#licenses";>'.$pkg2disp[license].'</a>');
   }
   if ($pkg2disp[parentname]) {
-    it_item("Parent:", '<a 
href="'.$pdbroot.'package.php/'.$pkg2disp[parentname].'">'.$pkg2disp[parentname].'</a>');
+    it_item("Parent:", link_to_package($pkg2disp[parentname], $version, 
$rel_id));
   }
   if ($pkg2disp[infofile]) {
     # where the info file sits on a local Fink installation
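Review bot: the parent link is built from `$version` and `$rel_id`, which are this request's URL parameters rather than values belonging to the parent package; if `rel_id` identifies a release row of the package being displayed (the loop in the previous hunk stores `$rel_row['rel_id']` per release of this package), passing it on the parent's URL cannot select a release of the parent and may select nothing or the wrong one. A split-off and its parent presumably share a version string, so forwarding only `$version` — `link_to_package($pkg2disp[parentname], $version, '')` — would be the safer default until a parent-specific rel_id is looked up; hedged, since the release-selection logic is outside the hunk. The same applies to the SplitOffs links in the next hunk. Quoting the array key, `$pkg2disp['parentname']`, avoids the undefined-constant fallback the pre-existing lines rely on.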
@@ -294,9 +310,9 @@
          print '<p><b>error during query:</b> '.mysql_error().'</p>';
        } else {
          if($row = mysql_fetch_array($rs))
-           it_item("SplitOffs:", '<a 
href="'.$pdbroot.'package.php/'.$row["name"].'">'.$row["name"].'</a> 
'.htmlentities($row["descshort"]));
+           it_item("SplitOffs:", link_to_package($row["name"], $version, 
$rel_id, $row["descshort"]));
          while ($row = mysql_fetch_array($rs)) {
-               it_item(" ", '<a 
href="'.$pdbroot.'package.php/'.$row["name"].'">'.$row["name"].'</a> 
'.htmlentities($row["descshort"]));
+               it_item(" ", link_to_package($row["name"], $version, $rel_id, 
$row["descshort"]));
          }
        }
   it_end();

Index: header.inc
===================================================================
RCS file: /cvsroot/fink/web/pdb/header.inc,v
retrieving revision 1.10.2.4
retrieving revision 1.10.2.5
diff -u -d -r1.10.2.4 -r1.10.2.5
--- header.inc  17 Feb 2007 19:42:09 -0000      1.10.2.4
+++ header.inc  28 Aug 2007 21:36:16 -0000      1.10.2.5
@@ -63,6 +63,7 @@
 // cut off very long values, to make unforseen SQL injection hacks more 
difficult.
 function get_safe_param($param_name, $valid_regexp='.*', $max_length=35) {
   $param_name = $_GET[$param_name];
+  if ($param_name) $has_param_name = true;
   if (strlen($param_name) > $max_length || !preg_match($valid_regexp, 
$param_name)) {
     $param_name = '';
   } else {
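Review bot: `$has_param_name` is only assigned when `$_GET[$param_name]` is truthy, so when the parameter is absent, empty or the string `'0'` it stays undefined; the `if ($has_param_name && !$param_name)` test in the next hunk then reads an unset variable (a notice under E_NOTICE) and treats a literal `0` value as never supplied. Initialise it explicitly and test presence rather than truthiness, before `$param_name` is reassigned: `$has_param_name = isset($_GET[$param_name]) && $_GET[$param_name] !== '';`. Reusing `$param_name` for both the key and the value also makes the function hard to follow; a separate `$value` local would help. The function body continues past this hunk.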
@@ -70,7 +71,14 @@
     if (strlen($param_name) > $max_length || !preg_match($valid_regexp, 
$param_name))
       $param_name = '';
   }
-  return $param_name;
+  if ($has_param_name && !$param_name)
+    $invalid_param = true;
+  else
+    $invalid_param = false;
+  return array (
+    $param_name,
+    $invalid_param,
+  );
 }
  
 
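Review bot: the return type changes from a string to a two-element array, so every caller must be updated in the same commit; package.php and browse.php are, but any other page including header.inc that still assigns the result to a scalar will now receive `Array` where it expected a string — worth grepping the tree before merging. The `if`/`else` that assigns a boolean can be a single expression, `$invalid_param = $has_param_name && $param_name === '';`, which also stops a valid value of `'0'` from being reported as invalid. A one-line comment above the function stating that it returns `array($value, $invalid)` would document the new contract for callers.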

Index: browse.php
===================================================================
RCS file: /cvsroot/fink/web/pdb/browse.php,v
retrieving revision 1.1.2.23
retrieving revision 1.1.2.24
diff -u -d -r1.1.2.23 -r1.1.2.24
--- browse.php  26 Aug 2007 14:43:58 -0000      1.1.2.23
+++ browse.php  28 Aug 2007 21:36:16 -0000      1.1.2.24
@@ -144,10 +144,15 @@
 
 // Read url parameters
 // NOTE: You have to change the parameter list at the top of this file as well
-$maintainer = get_safe_param('maintainer', '/[EMAIL PROTECTED]&\'\\\ ]+$/');
-$name = get_safe_param('name', '/^[a-z0-9+\-.%]+$/');
-$summary = get_safe_param('summary', '/.*/');
-$nolist = get_safe_param('nolist', '/on/');
+$invalid_param = false;
+list($maintainer, $inv_p) = get_safe_param('maintainer', '/[EMAIL 
PROTECTED]&\'\\\ ]+$/');
+$invalid_param = $invalid_param || $inv_p;
+list($name, $inv_p) = get_safe_param('name', '/^[a-z0-9+\-.%]+$/');
+$invalid_param = $invalid_param || $inv_p;
+list($summary, $inv_p) = get_safe_param('summary', '/.*/');
+$invalid_param = $invalid_param || $inv_p;
+list($nolist, $inv_p) = get_safe_param('nolist', '/on/');
+$invalid_param = $invalid_param || $inv_p;
 
 // Extract the distribution
 $dist = $_GET['dist'];
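Review bot: the four `$invalid_param = $invalid_param || $inv_p;` lines repeat the same accumulation after every `get_safe_param` call and are easy to forget on the next parameter (package.php in this commit already omits them); collecting the flags once after the four `list()` assignments, e.g. `$invalid_param = $inv_maint || $inv_name || $inv_summary || $inv_nolist;`, keeps the check in one place. The `maintainer` pattern as shown here reads `[EMAIL PROTECTED]`, which looks like archive mangling of the original character class rather than the committed text, so its anchoring cannot be reviewed from this listing. The `$dist` assignment closing the hunk reads `$_GET` directly without `get_safe_param`; that is unchanged by this commit, but unless it is checked further down it sits outside the new invalid-parameter handling.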
@@ -187,6 +192,7 @@
 <input name="submit" type="submit" value="Search">
 <input type="reset" value="Clear Form">
 <br>
+<?if ($invalid_param) print '<p class="attention">Invalid Input 
Parameters!</p>';?>
 <br>
 
 <span class="expand_adv_options">
@@ -248,7 +254,7 @@
 
 <?
 
-if (!$nolist) {
+if (!$nolist && !$invalid_param) {
 
 //
 // Build the big query string

