authorCallan Barrett <wizzomafizzo@gmail.com>2008-01-12 01:01:19 +0900
committerDan McGee <dan@archlinux.org>2008-01-20 00:21:20 -0600
commitdbbf50ac9024dddb5ce70b8aa42c828596eb66d3 (patch)
treea1c286f5c540a780440b165e2b4528f2f6df80d7 /web
parentce225727f67f5b65b5f92ec96b074712c290ea63 (diff)
Removes need for name, overwrite and comment fields from pkgsubmit.php
This removes the name, overwrite and comment options from pkgsubmit.php by changing when (and where) the tarball is extracted and when the pkgbuild is parsed, so that pkgname is taken from the pkgbuild instead of user input.

Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Diffstat (limited to 'web')
-rw-r--r--web/html/pkgsubmit.php307
-rw-r--r--web/lib/aur.inc22
2 files changed, 123 insertions, 206 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index 46b78cf..e349591 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -29,158 +29,78 @@ if ($_COOKIE["AURSID"]) {
}
if ($_REQUEST["pkgsubmit"]) {
- # If this var is set, then the visitor is uploading a file...
- #
- if (!$_REQUEST["pkgname"]) {
- $error = __("You did not specify a package name.");
- } else {
- $pkg_name = str_replace("'", "", $_REQUEST["pkgname"]);
- $pkg_name = escapeshellarg($pkg_name);
- $pkg_name = str_replace("'", "", $pkg_name); # get rid of single quotes
-
- # Solves the problem when you try to submit PKGBUILD
- # that have the name with a period like (gstreamer0.10)
- # Added support for packages with + characters like (mysql++).
- $presult = preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name);
-
- if ($presult == FALSE || $presult <= 0) {
- # FALSE => error processing regex, 0 => invalid characters
- #
- $error = __("Invalid name: only lowercase letters are allowed.");
- }
- }
-
- if (!$error && (!$_REQUEST["comments"] || $_REQUEST["comments"] == '')) {
- $error = __("You must supply a comment for this upload/change.");
- }
-
- if (!$error) {
- # first, see if this package already exists, and if it can be overwritten
- #
- $pkg_exists = package_exists($pkg_name);
- if ($pkg_exists) {
- # ok, it exists - should it be overwritten, and does the user have
- # the permissions to do so?
- #
- if (can_overwrite_pkg($pkg_name, $_COOKIE["AURSID"])) {
- if (!$_REQUEST["overwrite"]) {
- $error = __("You did not tag the 'overwrite' checkbox.");
- }
- } else {
- $error = __("You are not allowed to overwrite the %h%s%h package.",
- array("<b>", $pkg_name, "</b>"));
- }
- }
- }
-
- # TODO check to see if the user has the ability to 'change' package
- # attributes such as location and/or category. Examples: TUs can
- # only add/change packages in Unsupported and the AUR, normal users
- # can only add/change packages in Unsupported.
- #
-
#Before processing, make sure we even have a file
#
if ($_FILES['pfile']['size'] == 0){
$error = __("Error - No file uploaded");
}
+ # temporary dir to put the tarball contents
+ $tempdir = uid_from_sid($_COOKIE['AURSID']) . time();
+
if (!$error) {
- # no errors checking upload permissions, go ahead and try to process
- # the uploaded package file.
- #
-
- $upload_file = UPLOAD_DIR . $_FILES["pfile"]["name"];
-
- if (move_uploaded_file($_FILES["pfile"]["tmp_name"], $upload_file)) {
- # ok, we can proceed
- #
- if (file_exists(INCOMING_DIR . $pkg_name)) {
- # blow away the existing file/dir and contents
- #
- rm_rf(INCOMING_DIR . $pkg_name);
- }
-
- } else {
- # errors uploading file...
- #
- $error = __("Error trying to upload file - please try again.");
- }
- }
-
- # at this point, we can safely unpack the uploaded file and parse
- # its contents.
- #
- if (!$error) {
-
- if (!@mkdir(INCOMING_DIR.$pkg_name)) {
+ if (!@mkdir(UPLOAD_DIR . $tempdir)) {
$error = __("Could not create incoming directory: %s.",
- array(INCOMING_DIR.$pkg_name));
+ array(UPLOAD_DIR . $tempdir));
} else {
- if (!@chdir(INCOMING_DIR.$pkg_name)) {
+ if (!@chdir(UPLOAD_DIR . $tempdir)) {
$error = __("Could not change directory to %s.",
- array(INCOMING_DIR.$pkg_name));
+ array(UPLOAD_DIR . $tempdir));
} else {
- # try .gz first
- #
- exec("/bin/sh -c 'tar xzf ".$upload_file."'", $trash, $retval);
- if (!$retval) {
- # now try .bz2 format
- #
- exec("/bin/sh -c 'tar xjf ".$upload_file."'", $trash, $retval);
+ exec("/bin/sh -c 'tar xzf " . $_FILES["pfile"]["tmp_name"] . "'", $trash, $retval);
+ if ($retval) {
+ exec("/bin/sh -c 'tar xjf " . $_FILES["pfile"]["tmp_name"] . "'", $trash, $retval);
}
- if (!$retval) {
+ if ($retval) {
$error = __("Unknown file format for uploaded file.");
}
}
}
}
- # At this point, if no error exists, the package has been extracted
- # There should be a INCOMING_DIR.$pkg_name."/".$pkg_name directory
- # if the user packaged it correctly. However, if the file was
- # packaged without the $pkg_name subdirectory, try and create it
- # and move the package contents into the new sub-directory.
- #
+ # where is the pkgbuild?!
if (!$error) {
- if (is_dir(INCOMING_DIR.$pkg_name."/".$pkg_name) &&
- is_file(INCOMING_DIR.$pkg_name."/".$pkg_name."/PKGBUILD")) {
- # the files were packaged correctly
- #
- if (!@chdir(INCOMING_DIR.$pkg_name."/".$pkg_name)) {
- $error = __("Could not change to directory %s.",
- array(INCOMING_DIR.$pkg_name."/".$pkg_name));
+ $d = dir(UPLOAD_DIR . $tempdir);
+
+ $pkgbuild = "";
+ $deepdir = "";
+ while ($file = $d->read()) {
+ # try to find a PKGBUILD in the top level (naughty! :O) and
+ # also the first directory found to use for the next part if required
+ if ($file == "PKGBUILD") {
+ $pkgbuild = UPLOAD_DIR . $tempdir . "/PKGBUILD";
+ $pkg_dir = UPLOAD_DIR . $tempdir;
+ break;
+ } else if (is_dir($file)) {
+ # we'll assume the first directory we find is the one with
+ # the pkgbuild in it
+ if ($file != "." && $file != "..") {
+ $deepdir = $file;
+ break;
+ }
}
- $pkg_dir = INCOMING_DIR.$pkg_name."/".$pkg_name;
- } elseif (is_file(INCOMING_DIR.$pkg_name."/PKGBUILD")) {
- # not packaged correctly, but recovery may be possible.
- # try and create INCOMING_DIR.$pkg_name."/".$pkg_name and
- # move package contents into the new dir
- #
- if (!@mkdir(INCOMING_DIR.$pkg_name."/".$pkg_name)) {
- $error = __("Could not create directory %s.",
- array(INCOMING_DIR.$pkg_name."/".$pkg_name));
- } else {
- exec("/bin/sh -c 'mv * ".$pkg_name."'");
- if (!file_exists(INCOMING_DIR.$pkg_name."/".$pkg_name."/PKGBUILD")) {
- $error = __("Error exec'ing the mv command.");
+ }
+
+ # if we couldn't find a pkgbuild in the top level we'll
+ # check in the first dir we found, if it's not there we assume
+ # there isn't any (even if there was the user should upload a proper tarball)
+ if ($pkgbuild == "" && $deepdir != "") {
+ $d = dir(UPLOAD_DIR . $tempdir . "/" . $deepdir);
+ while ($file = $d->read()) {
+ if ($file == "PKGBUILD") {
+ # oh my
+ $pkgbuild = UPLOAD_DIR . $tempdir . "/" . $deepdir ."/PKGBUILD";
+ $pkg_dir = UPLOAD_DIR . $tempdir . "/" . $deepdir;
+ break;
}
}
- if (!@chdir(INCOMING_DIR.$pkg_name."/".$pkg_name)) {
- $error = __("Could not change to directory %s.",
- array(INCOMING_DIR.$pkg_name."/".$pkg_name));
+ if ($pkgbuild == "") {
+ $error = __("Error trying to unpack upload - PKGBUILD does not exist.");
}
- $pkg_dir = INCOMING_DIR.$pkg_name."/".$pkg_name;
- } else {
- # some wierd packaging/extraction error - baal
- #
- $error = __("Error trying to unpack upload - PKGBUILD does not exist.");
}
- }
- $shcmd = "/bin/mv ".$upload_file." ";
- $shcmd.= escapeshellarg(INCOMING_DIR.$pkg_name."/".$_FILES["pfile"]["name"]);
- @exec($shcmd);
+ # we know where our pkgbuild is now, woot woot
+ }
# if no error, get list of directory contents and process PKGBUILD
#
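Review bot: The PKGBUILD search fails open when the archive has neither a top-level PKGBUILD nor a subdirectory: the `PKGBUILD does not exist` error is only assigned inside `if ($pkgbuild == "" && $deepdir != "")`, so in that case `$error` stays empty and `$pkg_dir` is never set before the code after this hunk reads it. Moving the `if ($pkgbuild == "")` check out of that branch, directly after it, closes the gap. Both `while ($file = $d->read())` loops also stop early on an entry named `0`; `while (false !== ($file = $d->read()))` avoids that. Separately, `is_dir($file)` is only correct because of the earlier `chdir()`, and the two `tar` commands splice `$_FILES["pfile"]["tmp_name"]` into a shell string unquoted; `is_dir(UPLOAD_DIR . $tempdir . "/" . $file)` and `escapeshellarg()` would remove both dependencies on the environment.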
@@ -191,7 +111,7 @@ if ($_COOKIE["AURSID"]) {
$pkg_contents = array();
while ($f = $d->read()) {
if ($f != "." && $f != "..") {
- $pkg_contents[$f] = filesize($f);
+ $pkg_contents[$f] = filesize($pkg_dir . "/" . $f);
if (preg_match("/^(.*\.pkg\.tar\.gz|filelist)$/", $f)) {
$error = __("Binary packages and filelists are not allowed for upload.");
}
@@ -285,7 +205,7 @@ if ($_COOKIE["AURSID"]) {
# variable has a value. This does not do any validity checking
# on the values, or attempts to fix line continuation/wrapping.
#
- if (!$seen_build_function) {
+ if (!$seen_build_function) {
$error = __("Missing build function in PKGBUILD.");
}
if (!array_key_exists("md5sums", $pkgbuild)) {
@@ -300,24 +220,20 @@ if ($_COOKIE["AURSID"]) {
if (!array_key_exists("pkgdesc", $pkgbuild)) {
$error = __("Missing pkgdesc variable in PKGBUILD.");
}
- if (!array_key_exists("license", $pkgbuild)) {
- $error = __("Missing license variable in PKGBUILD.");
- }
+ if (!array_key_exists("license", $pkgbuild)) {
+ $error = __("Missing license variable in PKGBUILD.");
+ }
if (!array_key_exists("pkgrel", $pkgbuild)) {
$error = __("Missing pkgrel variable in PKGBUILD.");
}
if (!array_key_exists("pkgver", $pkgbuild)) {
$error = __("Missing pkgver variable in PKGBUILD.");
}
- if (!array_key_exists("arch", $pkgbuild)) {
- $error = __("Missing arch variable in PKGBUILD.");
- }
+ if (!array_key_exists("arch", $pkgbuild)) {
+ $error = __("Missing arch variable in PKGBUILD.");
+ }
if (!array_key_exists("pkgname", $pkgbuild)) {
$error = __("Missing pkgname variable in PKGBUILD.");
- } else {
- if ($pkgbuild["pkgname"] != $pkg_name) {
- $error = __("Package names do not match.");
- }
}
}
@@ -352,20 +268,70 @@ if ($_COOKIE["AURSID"]) {
}
}
+ # now we've parsed the pkgbuild, let's move it to where it belongs
+ #
+ if (!$error) {
+ $pkg_name = str_replace("'", "", $pkgbuild['pkgname']);
+ $pkg_name = escapeshellarg($pkg_name);
+ $pkg_name = str_replace("'", "", $pkg_name); # get rid of single quotes
+
+ # Solves the problem when you try to submit PKGBUILD
+ # that have the name with a period like (gstreamer0.10)
+ # Added support for packages with + characters like (mysql++).
+ $presult = preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name);
+
+ if ($presult == FALSE || $presult <= 0) {
+ # FALSE => error processing regex, 0 => invalid characters
+ #
+ $error = __("Invalid name: only lowercase letters are allowed.");
+ }
+ }
+
+ if (!$error) {
+ # first, see if this package already exists, and if it can be overwritten
+ #
+ $pkg_exists = package_exists($pkg_name);
+ if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) {
+ if (file_exists(INCOMING_DIR . $pkg_name)) {
+ # blow away the existing file/dir and contents
+ #
+ rm_rf(INCOMING_DIR . $pkg_name);
+ }
+
+ if (!@mkdir(INCOMING_DIR.$pkg_name)) {
+ $error = __("Could not create directory %s.",
+ array(INCOMING_DIR.$pkg_name));
+ }
+
+ $shcmd = "/bin/mv " . $pkg_dir . " " . escapeshellarg(INCOMING_DIR . $pkg_name . "/" . $pkg_name);
+ @exec($shcmd);
+ } else {
+ $error = __("You are not allowed to overwrite the %h%s%h package.",
+ array("<b>", $pkg_name, "</b>"));
+ }
+ }
+
# Re-tar the package for consistency's sake
#
if (!$error) {
if (!@chdir(INCOMING_DIR.$pkg_name)) {
$error = __("Could not change directory to %s.",
- array(INCOMING_DIR.$pkg_name));
+ array(INCOMING_DIR.$pkg_name));
}
}
+
if (!$error) {
@exec("/bin/sh -c 'tar czf ".$pkg_name.".tar.gz ".$pkg_name."'", $trash, $retval);
if ($retval) {
$error = __("Could not re-tar");
}
}
+
+ # whether it failed or not we can clean this out
+ if (file_exists(UPLOAD_DIR . $tempdir)) {
+ rm_rf(UPLOAD_DIR . $tempdir);
+ }
+
# update the backend database
#
if (!$error) {
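Review bot: The `/bin/mv` command escapes its destination but not its source: `$pkg_dir` can end in `$deepdir`, a directory name read from the uploaded archive, so untrusted text reaches the shell unquoted. Use `$shcmd = "/bin/mv " . escapeshellarg($pkg_dir) . " " . escapeshellarg(INCOMING_DIR . $pkg_name . "/" . $pkg_name);`, or avoid the shell with `rename()` if both directories are on the same filesystem. The move also runs when the preceding `mkdir()` has just set `$error`, after `rm_rf()` has already removed the existing package directory, and `@exec` discards the exit status; guard the move with `if (!$error)` and check its result. `$pkg_exists` is assigned but not used in this hunk.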
@@ -461,16 +427,6 @@ if ($_COOKIE["AURSID"]) {
$q .= $pdata["ID"].", '".mysql_real_escape_string($v)."')";
db_query($q, $dbh);
}
-
- # add upload history
- #
- $q = "INSERT INTO PackageComments ";
- $q.= "(PackageID, UsersID, Comments, CommentTS) VALUES (";
- $q.= $pdata["ID"] . ", " . uid_from_sid($_COOKIE['AURSID']);
- $q.= ", '" . mysql_real_escape_string($_REQUEST["comments"]);
- $q.= "', UNIX_TIMESTAMP())";
- db_query($q);
-
} else {
# this is a brand new package
#
@@ -533,17 +489,11 @@ if ($_COOKIE["AURSID"]) {
$q .= $packageID.", '".mysql_real_escape_string($v)."')";
db_query($q, $dbh);
}
-
- # add upload history
- #
- $q = "INSERT INTO PackageComments ";
- $q.= "(PackageID, UsersID, Comments, CommentTS) VALUES (";
- $q.= $packageID . ", " . uid_from_sid($_COOKIE["AURSID"]) . ", '";
- $q.= mysql_real_escape_string($_REQUEST["comments"]);
- $q.= "', UNIX_TIMESTAMP())";
- db_query($q, $dbh);
}
}
+
+ # must chdir because include dirs are relative!
+ chdir($_SERVER['DOCUMENT_ROOT']);
}
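Review bot: The added `chdir($_SERVER['DOCUMENT_ROOT']);` is unchecked, and until it runs the working directory is one of the upload or incoming directories, which is where relative includes would be resolved from. Saving the starting directory before the first `chdir()` with `$startdir = getcwd();` and restoring it with a checked `chdir($startdir)` avoids relying on `DOCUMENT_ROOT` being the script's directory, which this hunk does not show. The enclosing block starts outside this hunk.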
@@ -554,13 +504,13 @@ if ($_COOKIE["AURSID"]) {
if (ini_get("file_uploads")) {
if ($error) {
print "<span class='error'>".$error."</span><br />\n";
- print "<br />&nbsp;<br />\n";
+ print "<br />\n";
}
- if ($warning) {
- print "<br><span class='error'>".$warning."</span><br />\n";
- print "<br />&nbsp;<br />\n";
- }
+ if ($warning) {
+ print "<br><span class='error'>".$warning."</span><br />\n";
+ print "<br />\n";
+ }
$pkg_categories = pkgCategories();
$pkg_locations = pkgLocations();
@@ -573,13 +523,6 @@ if ($_COOKIE["AURSID"]) {
print "<table border='0' cellspacing='5'>\n";
print "<tr>\n";
print " <td span='f4' align='right'>";
- print __("Package name").":</td>\n";
- print " <td span='f4' align='left'>";
- print "<input type='text' name='pkgname' size='30' maxlength='32' />\n";
- print " </td>\n";
- print "</tr>\n";
- print "<tr>\n";
- print " <td span='f4' align='right'>";
print __("Package Category").":</td>\n";
print " <td span='f4' align='left'>";
print "<select name='category'>";
@@ -607,31 +550,11 @@ if ($_COOKIE["AURSID"]) {
print "<input type='file' name='pfile' size='30' />\n";
print " </td>\n";
print "</tr>\n";
- print "<tr>\n";
- print " <td span='f4' align='right'>";
- print __("Overwrite existing package?");
- print " </td>\n";
- print " <td span='f4' align='left'>";
- print "<input type='radio' name='overwrite' value='1'> ".__("Yes");
- print "&nbsp;&nbsp;&nbsp;";
- print "<input type='radio' name='overwrite' value='0' checked> ";
- print __("No");
- print " </td>\n";
- print "</tr>\n";
- print "<tr>\n";
- print " <td valign='top' span='f4' align='right'>";
- print __("Comment").":</td>\n";
- print " <td span='f4' align='left'>";
- print "<textarea rows='10' cols='50' name='comments'></textarea>";
- print " </td>\n";
- print "</tr>\n";
print "<tr>\n";
print " <td>&nbsp;</td>\n";
print " <td align='left'>";
print "<input class='button' type='submit' value='".__("Upload")."' />\n";
- print "&nbsp;&nbsp;&nbsp;";
- print "<input class='button' type='reset' value='".__("Reset")."' />\n";
print "</td>\n";
print "</tr>\n";
print "</table>\n";
@@ -646,7 +569,7 @@ if ($_COOKIE["AURSID"]) {
if ($warning) {
print "<span class='warning'>".$warning."</span><br />\n";
- print "<br />&nbsp;<br />\n";
+ print "<br />\n";
}
}
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index 0258060..c18365c 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -7,6 +7,7 @@ header('Pragma: no-cache');
include_once("version.inc");
include_once("config.inc");
include_once("aur_po.inc");
+// TODO: remove this, move translations over for login form
include_once("index_po.inc");
# TODO do we need to set the domain on cookies? I seem to remember some
@@ -425,29 +426,22 @@ function dbug($msg) {
return;
}
-# check to see if the user can overwrite an existing package
+# check to see if the user can submit a package
#
-function can_overwrite_pkg($name="", $sid="") {
+function can_submit_pkg($name="", $sid="") {
if (!$name || !$sid) {return 0;}
$dbh = db_connect();
- $q = "SELECT SubmitterUID, MaintainerUID, AURMaintainerUID ";
+ $q = "SELECT MaintainerUID ";
$q.= "FROM Packages WHERE Name = '".mysql_real_escape_string($name)."'";
$result = db_query($q, $dbh);
- if (!$result) {return 0;}
+ if (mysql_num_rows($result) == 0) {return 1;}
$row = mysql_fetch_row($result);
$my_uid = uid_from_sid($sid);
- # user is a dev and maintains the package
- #
- if ($my_uid == $row[2]) {return 1;}
-
- # user is a TU and there is no dev
- #
- if (!$row[2] && $my_uid == $row[1]) {return 1;}
+ if ($row[0] == $my_uid) {
+ return 1;
+ }
- # user is a user and there is no TU or dev
- #
- if (!$row[2] && !$row[1] && $my_uid == $row[0]) {return 1;}
return 0;
}
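Review bot: `can_submit_pkg()` now fails open on a database error: with `if (!$result) {return 0;}` replaced by `if (mysql_num_rows($result) == 0) {return 1;}`, a failed query (assuming `db_query()` returns false on failure, as the removed check suggests) compares equal to 0 and the function grants submission. Keep the old guard in front of the new one: `if (!$result) {return 0;}`. The ownership test `$row[0] == $my_uid` is a loose comparison, so an empty `MaintainerUID` would match an empty `$my_uid` if `uid_from_sid()` returns nothing for an unknown session, which is not visible here; `if ($my_uid && $row[0] == $my_uid)` rules that out. A short comment above the function stating that any logged-in user may submit a name with no `Packages` row, and that only the maintainer may resubmit an existing one, would document the new policy.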