web/html/pkgsubmit.php: Revamp tarball validation
commit 1f36664e9f55b175472436973a238aa36bd58bb2
author Lukas Fleischer <archlinux@cryptocrack.de>
Mon, 19 Mar 2012 22:18:48 +0000 (19 23:18 +0100)
committer Lukas Fleischer <archlinux@cryptocrack.de>
Mon, 19 Mar 2012 22:29:58 +0000 (19 23:29 +0100)
tree 6edfb49d7d8ba0369e88eabbf4e708ae96646816
parent 1e29bd2217f4320d3df156c448bf16aaeaec53d6
web/html/pkgsubmit.php: Revamp tarball validation

* Reorder checks.
* Use simple string functions instead of regular expressions.
* Check for type flags before validating paths.

The latter ensures we don't treat tarball keywords/flags as directories.
This avoids problems with bsdtar inserting PaxHeader attributes into the
archive which look something like the following to Archive_Tar:

    PaxHeader/xcursor-protozoa
    xcursor-protozoa/
    xcursor-protozoa/PaxHeader/PKGBUILD
    xcursor-protozoa/PKGBUILD

This only occurs on certain filesystems (e.g. jfs), but the tarball is
by no means invalid. When extracted, it will only contain the PKGBUILD
within a single subdirectory.

Addresses FS#28802.

Thanks-to: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
web/html/pkgsubmit.php
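
The following Python example is added here and is not the code from this commit (which is PHP and uses Archive_Tar). It reads raw tar headers and shows why checking the type flag before the path accepts the member list quoted in the commit message, while a path-only check rejects it. The `x` type flag given to the PaxHeader entries, the pax record, and the exact acceptance rules (one directory, no nesting, only regular files and directories) are assumptions.

```python
BLOCK = 512
META_FLAGS = {b"x", b"g"}          # pax extended/global headers: metadata, not paths
PATH_FLAGS = {b"0", b"\0", b"5"}   # regular file (new/old style) and directory

def member(name, flag, data=b""):
    """Build a ustar-style header (checksum unset) plus padded data; sample input."""
    h = bytearray(BLOCK)
    h[0:len(name)] = name.encode()
    h[124:136] = b"%011o\0" % len(data)    # size field, octal
    h[156:157] = flag                       # type flag
    h[257:265] = b"ustar\x0000"             # magic and version
    return bytes(h) + data + b"\0" * (-len(data) % BLOCK)

def entries(raw):
    """Yield (name, type flag) per header block, skipping each member's data."""
    off = 0
    while raw[off:off + BLOCK].strip(b"\0"):    # an all-zero block ends the archive
        h = raw[off:off + BLOCK]
        size = int(h[124:136].strip(b"\0 ") or b"0", 8)
        yield h[:100].split(b"\0")[0].decode(), h[156:157]
        off += BLOCK + size + (-size % BLOCK)

def validate(raw, flags_first=True):
    """Return the package directory name, or raise ValueError."""
    dirs, pkgbuild = set(), False
    for name, flag in entries(raw):
        if flags_first:
            if flag in META_FLAGS:
                continue                        # never path-check metadata entries
            if flag not in PATH_FLAGS:
                raise ValueError(f"unsupported type flag {flag!r}: {name}")
        is_dir = flag == b"5" if flags_first else name.endswith("/")
        parts = name.rstrip("/").split("/")
        if "" in parts or ".." in parts:
            raise ValueError(f"unsafe path: {name}")
        if len(parts) > (1 if is_dir else 2):
            raise ValueError(f"nested subdirectory: {name}")
        if len(parts) == 1 and not is_dir:
            raise ValueError(f"file outside a directory: {name}")
        dirs.add(parts[0])
        pkgbuild |= parts[1:] == ["PKGBUILD"]
    if len(dirs) != 1 or not pkgbuild:
        raise ValueError("need exactly one directory containing a PKGBUILD")
    return dirs.pop()

# Constructed sample mirroring the member list in the commit message.
PAX = b"30 mtime=1332195528.000000000\n"       # constructed pax record
SAMPLE = (member("PaxHeader/xcursor-protozoa", b"x", PAX)
          + member("xcursor-protozoa/", b"5")
          + member("xcursor-protozoa/PaxHeader/PKGBUILD", b"x", PAX)
          + member("xcursor-protozoa/PKGBUILD", b"0", b"pkgname=xcursor-protozoa\n")
          + b"\0" * 2 * BLOCK)
```

`validate(SAMPLE)` returns the directory name; `validate(SAMPLE, flags_first=False)` raises on the third entry because the pax header's name looks like a file two levels deep.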