php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #56129 patch to verify version numbers on release upload
Submitted: 2004-07-12 11:46 UTC Modified: 2006-12-26 23:23 UTC
From: cellog@php.net Assigned: danielc (profile)
Status: Closed Package: PECL website (PECL)
PHP Version: Irrelevant OS: na
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: cellog@php.net
New email:
PHP Version: OS:

 

 [2004-07-12 11:46 UTC] cellog@php.net 
Description:
------------
I'm out of town and can't easily verify this patch.  However, if it works, please commit it.

Index: public_html/release-upload.php
===================================================================
RCS file: /repository/pearweb/public_html/release-upload.php,v
retrieving revision 1.39
diff -u -r1.39 release-upload.php
--- public_html/release-upload.php	22 Jun 2004 04:00:37 -0000	1.39
+++ public_html/release-upload.php	12 Jul 2004 15:44:44 -0000
@@ -216,6 +216,12 @@
                  . 'You may want to correct your package.xml file:');
 
     // XXX ADD MASSIVE SANITY CHECKS HERE
+    
+    $version = $info['version'];
+    if (!preg_match('/^\d+\.\d+\.\d+(?:[a-z]+\d*)?$/', $version)) {
+        report_error('Version must in format digit.digit.digit[lower-case alpha[digits]]', 'errors','ERRORS:<br />'
+                 . 'You must correct your package.xml file:');
+    }
 
     $check = array(
         'summary',

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-07-12 12:21 UTC] danielc at analysisandsolutions dot com 
Greg:

Is it possible, please, to add this check to the package-validate procedures in the PEAR base classees?  Then, use that validation in release::validateUpload() include/pear-database.php?

Thanks,

--Dan
 [2004-07-12 15:22 UTC] mj@php.net 
Pushing this patch into the installer code base will make it impossible to use the installer in environments where other naming schemes apply.
 [2004-07-12 15:48 UTC] danielc at analysisandsolutions dot com 
Martin: good point.  Can you please apply the changes to pearweb?

Greg: guess this could be incorporated into the package-validate stuff via the new channels support.
 [2004-07-13 02:01 UTC] danielc at analysisandsolutions dot com 
Fixed in CVS.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Oct 22 20:00:01 2025 UTC