When performing info or multiinfo queries, one can pass either package
names or package IDs as parameters. Currently, strings like "0xdbe" are
parsed as package IDs, which is not what we want. Change the parser such
that only strings matching [0-9]+ are treated as IDs.

Fixes FS#47324.

Signed-off-by: Lukas Fleischer <[email protected]>
---
 web/lib/aurjson.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index 9097035..09368df 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -346,7 +346,7 @@ class AurJSON {
                        if (!$arg) {
                                continue;
                        }
-                       if (is_numeric($arg)) {
+                       if (ctype_digit($arg)) {
                                $id_args[] = intval($arg);
                        } else {
                                $name_args[] = $this->dbh->quote($arg);
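Review bot: The branch at `if (ctype_digit($arg))` now decides whether a value is cast to an ID or quoted as a name, but nothing in the code records why `is_numeric()` was not good enough. A short comment above it would keep a later cleanup from reverting the check: `/* IDs are decimal digits only; is_numeric() also accepts strings like "0xdbe" (FS#47324). */`. ctype_digit() only gives a meaningful answer for strings, so if an element can arrive as a nested array (the origin of `$arg` is outside this hunk), it falls through to `quote()`; an `is_string($arg)` guard ahead of the branch would make that case explicit. The enclosing loop starts and ends outside the hunk.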
@@ -405,7 +405,7 @@ class AurJSON {
         */
        private function info($http_data) {
                $pqdata = $http_data['arg'];
-               if (is_numeric($pqdata)) {
+               if (ctype_digit($pqdata)) {
                        $where_condition = "Packages.ID = $pqdata";
                } else {
                        $where_condition = "Packages.Name = " . 
$this->dbh->quote($pqdata);
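Review bot: In `info()`, `$pqdata` is still interpolated into the query text as `"Packages.ID = $pqdata"`, so the `ctype_digit()` test one line above is the only thing keeping request data out of the SQL. The multiinfo path in the first hunk casts with `intval($arg)` before use; doing the same here keeps the two paths consistent and leaves the statement safe even if the condition is loosened again later: `$where_condition = "Packages.ID = " . intval($pqdata);`. The body of `info()` continues past the end of the hunk.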
-- 
2.6.4
