&Header::openpage($Lang::tr{'pakfire configuration'}, 1);
&Header::openbigbox('100%', 'left', '', $errormessage);
+
if ($cgiparams{'ACTION'} eq 'install'){
$cgiparams{'INSPAKS'} =~ s/\|/\ /g;
if ("$cgiparams{'FORCE'}" eq "on") {
- my $command = "/usr/local/bin/pakfire install --non-interactive --no-colors $cgiparams{'INSPAKS'} &>/dev/null &";
- system("$command");
- system("/bin/sleep 1");
+ # Check for invalid package names.
+ if (&check_input($cgiparams{'INSPAKS'})) {
+ # Assign error message.
+ $errormessage = "$Lang::tr{'pakfire invalid characters in package list'}";
+ } else {
+ my $command = "/usr/local/bin/pakfire install --non-interactive --no-colors $cgiparams{'INSPAKS'} &>/dev/null &";
+ system("$command");
+ system("/bin/sleep 1");
+ }
} else {
&Header::openbox("100%", "center", $Lang::tr{'request'});
my @output = `/usr/local/bin/pakfire resolvedeps --no-colors $cgiparams{'INSPAKS'}`;
exit;
}
} elsif ($cgiparams{'ACTION'} eq 'remove') {
-
$cgiparams{'DELPAKS'} =~ s/\|/\ /g;
if ("$cgiparams{'FORCE'}" eq "on") {
- my $command = "/usr/local/bin/pakfire remove --non-interactive --no-colors $cgiparams{'DELPAKS'} &>/dev/null &";
- system("$command");
- system("/bin/sleep 1");
+ # Check for invalid package names.
+ if (&check_input($cgiparams{'DELPAKS'})) {
+ # Assign error message.
+ $errormessage = "$Lang::tr{'pakfire invalid characters in package list'}";
+ } else {
+ my $command = "/usr/local/bin/pakfire remove --non-interactive --no-colors $cgiparams{'DELPAKS'} &>/dev/null &";
+ system("$command");
+ system("/bin/sleep 1");
+ }
} else {
&Header::openbox("100%", "center", $Lang::tr{'request'});
my @output = `/usr/local/bin/pakfire resolvedeps --no-colors $cgiparams{'DELPAKS'}`;
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
+
+#
+## Function to check a given package list for invalid characters.
+#
+## Valid characters are a-z, A-Z, - and and the underscrore.
+## In case an invalid character will be detected, the function will return true.
+#
+sub check_input (@) {
+ my (@packages) = @_;
+
+ # Loop through the array of given pakages.
+ foreach my $name (@packages) {
+ # Check if it contains any unallowed charackters.
+ unless ($name =~ /^[\w-]+$/) {
+ # An unallowed character has been detected. Return "1" - True.
+ return 1;
+ }
+ }
+}