external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Removed code for tarball extraction.

Browse source 
Automatic tarball extraction was vulnerable in different ways. Users
should also only use source tarballs to build packages, so this has been
removed completely. From now on, only the PKGBUILD is extracted in a
secure manner.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2010-11-04 18:10:56 +01:00
parent 233f67b87e
commit ec0dfc27de
3 changed files with 38 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

5
web/template/pkg_details.php
View file

@ -77,8 +77,9 @@ $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : gmdate("r", intval($row[
<p><span class='f3'>
<?php
if ($row['LocationID'] == 2) {
$urlpath = URL_DIR . $row['Name'] . '/' . $row['Name'];
print "<a href='$urlpath.tar.gz'>".__("Tarball")."</a> :: <a href='$urlpath'>".__("Files")."</a> :: <a href='$urlpath/PKGBUILD'>PKGBUILD</a></span>";
$urlpath = URL_DIR . $row['Name'];
print "<a href='$urlpath/" . $row['Name'] . ".tar.gz'>".__("Tarball")."</a> :: ";
print "<a href='$urlpath/PKGBUILD'>".__("PKGBUILD")."</a></span>";
}
if ($row["OutOfDateTS"] !== NULL) {