php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #56129 patch to verify version numbers on release upload
Submitted: 2004-07-12 11:46 UTC Modified: 2006-12-26 23:23 UTC
From: cellog@php.net Assigned: danielc (profile)
Status: Closed Package: PECL website (PECL)
PHP Version: Irrelevant OS: na
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: cellog@php.net
New email:
PHP Version: OS:

 

 [2004-07-12 11:46 UTC] cellog@php.net
Description:
------------
I'm out of town and can't easily verify this patch.  However, if it works, please commit it.

Index: public_html/release-upload.php
===================================================================
RCS file: /repository/pearweb/public_html/release-upload.php,v
retrieving revision 1.39
diff -u -r1.39 release-upload.php
--- public_html/release-upload.php	22 Jun 2004 04:00:37 -0000	1.39
+++ public_html/release-upload.php	12 Jul 2004 15:44:44 -0000
@@ -216,6 +216,12 @@
                  . 'You may want to correct your package.xml file:');
 
     // XXX ADD MASSIVE SANITY CHECKS HERE
+    
+    $version = $info['version'];
+    if (!preg_match('/^\d+\.\d+\.\d+(?:[a-z]+\d*)?$/', $version)) {
+        report_error('Version must in format digit.digit.digit[lower-case alpha[digits]]', 'errors','ERRORS:<br />'
+                 . 'You must correct your package.xml file:');
+    }
 
     $check = array(
         'summary',



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-07-12 12:21 UTC] danielc at analysisandsolutions dot com
Greg:

Is it possible, please, to add this check to the package-validate procedures in the PEAR base classees?  Then, use that validation in release::validateUpload() include/pear-database.php?

Thanks,

--Dan
 [2004-07-12 15:22 UTC] mj@php.net
Pushing this patch into the installer code base will make it impossible to use the installer in environments where other naming schemes apply.
 [2004-07-12 15:48 UTC] danielc at analysisandsolutions dot com
Martin: good point.  Can you please apply the changes to pearweb?

Greg: guess this could be incorporated into the package-validate stuff via the new channels support.
 [2004-07-13 02:01 UTC] danielc at analysisandsolutions dot com
Fixed in CVS.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu Dec 01 13:05:53 2022 UTC