[Fusionforge-commits] FusionForge branch Branch_5_3 updated. 7bcb8fbc19eff7966abad7da6f6154b2ad6edd08
Sylvain Beucler
beuc-inria at fusionforge.org
Thu Nov 27 15:10:32 CET 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, Branch_5_3 has been updated
via 7bcb8fbc19eff7966abad7da6f6154b2ad6edd08 (commit)
from 6a8144c2b33066e60a2dea3901cb5766e4c40007 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7bcb8fbc19eff7966abad7da6f6154b2ad6edd08
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date: Thu Nov 27 15:05:57 2014 +0100
upgrade: ziplatest: normalize paths
diff --git a/src/db/20141105-frs-ziplatest.php b/src/db/20141105-frs-ziplatest.php
index d8ec30d..50966d0 100644
--- a/src/db/20141105-frs-ziplatest.php
+++ b/src/db/20141105-frs-ziplatest.php
@@ -40,6 +40,8 @@ if (class_exists('ZipArchive')) {
array($packageArr['pid']));
$releaseArr = db_fetch_array($releaseRes);
$filesRes = db_query_params('select filename from frs_file where release_id = $1', array($releaseArr['rid']));
+ $packageArr['pname'] = util_secure_filename($packageArr['pname']);
+ $releaseArr['rname'] = util_secure_filename($releaseArr['rname']);
if (db_numrows($filesRes)) {
$zip = new ZipArchive();
$zipPath = forge_get_config('upload_dir').'/'.$packageArr['guxname'].'/'.$packageArr['pname'].'/'.$packageArr['pname'].'-latest.zip';
@@ -50,9 +52,9 @@ if (class_exists('ZipArchive')) {
} else {
$filesPath = forge_get_config('upload_dir').'/'.$packageArr['guxname'].'/'.$packageArr['pname'].'/'.$releaseArr['rname'];
while ($fileArr = db_fetch_array($filesRes)) {
- $filePath = $filesPath.'/'.$fileArr['filename'];
+ $filePath = $filesPath.'/'.util_secure_filename($fileArr['filename']);
if ($zip->addFile($filePath, $fileArr['filename']) !== true) {
- echo _('Cannot add file to the file archive')._(': ').$fileArr['filename'].' -> '.$zipPath."\n";
+ echo _('Cannot add file to the file archive')._(': ').$filePath.' -> '.$zipPath."\n";
$globalStatus = 1;
}
}
-----------------------------------------------------------------------
Summary of changes:
src/db/20141105-frs-ziplatest.php | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
hooks/post-receive
--
FusionForge
More information about the Fusionforge-commits
mailing list