[aur-dev] [PATCH] aurjson: Do not interpret hexadecimal strings as IDs
Lukas Fleischer
lfleischer at archlinux.org
Sat Dec 12 17:38:01 UTC 2015
When performing info or multiinfo queries, one can either pass package
names or package IDs are parameters. Currently, strings like "0xdbe" are
parsed as package IDs which is not what we want. Change the parser such
that only strings matching [0-9]+ are treated as IDs.
Fixes FS#47324.
Signed-off-by: Lukas Fleischer <lfleischer at archlinux.org>
---
web/lib/aurjson.class.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 9097035..09368df 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -346,7 +346,7 @@ class AurJSON {
if (!$arg) {
continue;
}
- if (is_numeric($arg)) {
+ if (ctype_digit($arg)) {
$id_args[] = intval($arg);
} else {
$name_args[] = $this->dbh->quote($arg);
@@ -405,7 +405,7 @@ class AurJSON {
*/
private function info($http_data) {
$pqdata = $http_data['arg'];
- if (is_numeric($pqdata)) {
+ if (ctype_digit($pqdata)) {
$where_condition = "Packages.ID = $pqdata";
} else {
$where_condition = "Packages.Name = " . $this->dbh->quote($pqdata);
--
2.6.4
More information about the aur-dev
mailing list