This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, 6.0 has been updated
via 746150c04ac76b999dd7cb753ce5cedc0fcbe00f (commit)
from 8e18554f7026a53a0c56573198e129de725aa2a2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 746150c04ac76b999dd7cb753ce5cedc0fcbe00f
Author: Franck Villaume <[email protected]>
Date: Sun Jun 7 11:20:02 2015 +0200
fix [#774]: secure package & release name. same error already fixed in
[#733]
diff --git a/src/db/20141106-frs-zip-per-release.php
b/src/db/20141106-frs-zip-per-release.php
index 3f6de8c..fe3a996 100644
--- a/src/db/20141106-frs-zip-per-release.php
+++ b/src/db/20141106-frs-zip-per-release.php
@@ -38,6 +38,8 @@ if (class_exists('ZipArchive')) {
while ($packageArr = db_fetch_array($packagesRes)) {
$releasesRes = db_query_params('select distinct
frs_release.release_id as rid, frs_release.name as rname from
frs_release,frs_file where frs_release.package_id = $1 and frs_file.release_id
= frs_release.release_id',
array($packageArr['pid']));
+ $packageArr['pname'] =
util_secure_filename($packageArr['pname']);
+ $releaseArr['rname'] =
util_secure_filename($releaseArr['rname']);
while ($releaseArr = db_fetch_array($releasesRes)) {
$filesRes = db_query_params('select filename from
frs_file where release_id = $1', array($releaseArr['rid']));
if (db_numrows($filesRes)) {
@@ -52,7 +54,7 @@ if (class_exists('ZipArchive')) {
while ($fileArr =
db_fetch_array($filesRes)) {
$filePath =
$filesPath.'/'.$fileArr['filename'];
if
($zip->addFile($filePath, $fileArr['filename']) !== true) {
- echo _('Cannot
add file to the file archive')._(': ').$fileArr['filename'].' ->
'.$zipPath."\n";
+ echo _('Cannot
add file to the file archive')._(': ').$filePath.' -> '.$zipPath."\n";
$globalStatus =
1;
}
}
-----------------------------------------------------------------------
Summary of changes:
src/db/20141106-frs-zip-per-release.php | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/db/20141106-frs-zip-per-release.php
b/src/db/20141106-frs-zip-per-release.php
index 3f6de8c..fe3a996 100644
--- a/src/db/20141106-frs-zip-per-release.php
+++ b/src/db/20141106-frs-zip-per-release.php
@@ -38,6 +38,8 @@ if (class_exists('ZipArchive')) {
while ($packageArr = db_fetch_array($packagesRes)) {
$releasesRes = db_query_params('select distinct
frs_release.release_id as rid, frs_release.name as rname from
frs_release,frs_file where frs_release.package_id = $1 and frs_file.release_id
= frs_release.release_id',
array($packageArr['pid']));
+ $packageArr['pname'] =
util_secure_filename($packageArr['pname']);
+ $releaseArr['rname'] =
util_secure_filename($releaseArr['rname']);
while ($releaseArr = db_fetch_array($releasesRes)) {
$filesRes = db_query_params('select filename from
frs_file where release_id = $1', array($releaseArr['rid']));
if (db_numrows($filesRes)) {
@@ -52,7 +54,7 @@ if (class_exists('ZipArchive')) {
while ($fileArr =
db_fetch_array($filesRes)) {
$filePath =
$filesPath.'/'.$fileArr['filename'];
if
($zip->addFile($filePath, $fileArr['filename']) !== true) {
- echo _('Cannot
add file to the file archive')._(': ').$fileArr['filename'].' ->
'.$zipPath."\n";
+ echo _('Cannot
add file to the file archive')._(': ').$filePath.' -> '.$zipPath."\n";
$globalStatus =
1;
}
}
hooks/post-receive
--
FusionForge
_______________________________________________
Fusionforge-commits mailing list
[email protected]
http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-commits
