[aur-dev] [PATCH] aurjson: Do not search by ID when argument is numeric

Lukas Fleischer lfleischer at archlinux.org
Sat Dec 12 21:08:10 UTC 2015


When performing info or multiinfo queries, one can currently either pass
package names or package IDs as parameters. As a consequence, it is
impossible to search for packages with a numeric package name because
numeric arguments are always treated as IDs. Since package IDs are not
public anymore these days, simply remove the possibility to search by ID
in revision 5 of the RPC interface.

Fixes FS#47324.

Suggested-by: Dave Reisner <dreisner at archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer at archlinux.org>
---
 web/lib/aurjson.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 9097035..51a7c64 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -346,7 +346,7 @@ class AurJSON {
 			if (!$arg) {
 				continue;
 			}
-			if (is_numeric($arg)) {
+			if ($this->version < 5 && is_numeric($arg)) {
 				$id_args[] = intval($arg);
 			} else {
 				$name_args[] = $this->dbh->quote($arg);
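Review bot: the unchanged guard `if (!$arg) { continue; }` at the top of this hunk still discards the argument "0", because PHP treats the string "0" as falsy. With version 5 a package literally named 0 therefore stays unreachable through multiinfo, although the commit message sets out to make numeric names searchable. Consider an explicit emptiness test such as `if ($arg === null || $arg === '')`. Separately, on the legacy path is_numeric() also accepts floats and exponent forms such as "1e3", which intval() then coerces to some integer ID; ctype_digit() would restrict the ID branch to plain decimal integers.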
@@ -405,7 +405,7 @@ class AurJSON {
 	 */
 	private function info($http_data) {
 		$pqdata = $http_data['arg'];
-		if (is_numeric($pqdata)) {
+		if ($this->version < 5 && is_numeric($pqdata)) {
 			$where_condition = "Packages.ID = $pqdata";
 		} else {
 			$where_condition = "Packages.Name = " . $this->dbh->quote($pqdata);
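Review bot: in the version < 5 branch, `$where_condition = "Packages.ID = $pqdata";` concatenates the raw request string into the SQL after only an is_numeric() check, whereas the multiinfo hunk passes the value through intval() first. is_numeric() accepts more than decimal integers (floats, exponent notation, leading whitespace), so those forms reach the query verbatim. Casting with intval($pqdata), or gating the branch on ctype_digit(), would keep the two code paths consistent and ensure only an integer literal is ever interpolated. The docblock closing just above `private function info` would also be a good place to state that from revision 5 on the argument is always treated as a package name.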
-- 
2.6.4

