[Fusionforge-commits] FusionForge branch Branch_5_3 updated. 7bcb8fbc19eff7966abad7da6f6154b2ad6edd08

Sylvain Beucler beuc-inria at fusionforge.org
Thu Nov 27 15:10:32 CET 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, Branch_5_3 has been updated
       via  7bcb8fbc19eff7966abad7da6f6154b2ad6edd08 (commit)
      from  6a8144c2b33066e60a2dea3901cb5766e4c40007 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7bcb8fbc19eff7966abad7da6f6154b2ad6edd08
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Thu Nov 27 15:05:57 2014 +0100

    upgrade: ziplatest: normalize paths

diff --git a/src/db/20141105-frs-ziplatest.php b/src/db/20141105-frs-ziplatest.php
index d8ec30d..50966d0 100644
--- a/src/db/20141105-frs-ziplatest.php
+++ b/src/db/20141105-frs-ziplatest.php
@@ -40,6 +40,8 @@ if (class_exists('ZipArchive')) {
 						array($packageArr['pid']));
 		$releaseArr = db_fetch_array($releaseRes);
 		$filesRes = db_query_params('select filename from frs_file where release_id = $1', array($releaseArr['rid']));
+		$packageArr['pname'] = util_secure_filename($packageArr['pname']);
+		$releaseArr['rname'] = util_secure_filename($releaseArr['rname']);
 		if (db_numrows($filesRes)) {
 			$zip = new ZipArchive();
 			$zipPath = forge_get_config('upload_dir').'/'.$packageArr['guxname'].'/'.$packageArr['pname'].'/'.$packageArr['pname'].'-latest.zip';
@@ -50,9 +52,9 @@ if (class_exists('ZipArchive')) {
 				} else {
 					$filesPath = forge_get_config('upload_dir').'/'.$packageArr['guxname'].'/'.$packageArr['pname'].'/'.$releaseArr['rname'];
 					while ($fileArr = db_fetch_array($filesRes)) {
-						$filePath = $filesPath.'/'.$fileArr['filename'];
+						$filePath = $filesPath.'/'.util_secure_filename($fileArr['filename']);
 						if ($zip->addFile($filePath, $fileArr['filename']) !== true) {
-							echo _('Cannot add file to the file archive')._(': ').$fileArr['filename'].' -> '.$zipPath."\n";
+							echo _('Cannot add file to the file archive')._(': ').$filePath.' -> '.$zipPath."\n";
 							$globalStatus = 1;
 						}
 					}

-----------------------------------------------------------------------

Summary of changes:
 src/db/20141105-frs-ziplatest.php |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
FusionForge



More information about the Fusionforge-commits mailing list