external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add permission checks to the request feature

Browse source 
* Only show the request form to users that are logged in.
* Only show the close request form to Trusted Users and developers.
* Check for a valid login in pkgreq_file().

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2014-08-08 11:47:06 +02:00
parent d61b34f255
commit 218ccf51e3
3 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
web/lib/pkgreqfuncs.inc.php
View file

@ -91,6 +91,10 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
global $AUR_REQUEST_ML;
global $AUTO_ORPHAN_AGE;
if (!has_credential(CRED_PKGREQ_FILE)) {
return array(false, __("You must be logged in to file package requests."));
}
if (!empty($merge_into) && !preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $merge_into)) {
return array(false, __("Invalid name: only lowercase letters are allowed."));
}