From bffc28e4bf5cfeae4a84746b2794682acf17e187 Mon Sep 17 00:00:00 2001
From: Erich Eckner <git@eckner.net>
Date: Thu, 7 Feb 2019 15:25:36 +0100
Subject: packages/pkginfo.php: check for missing arguments

---
 packages/pkginfo.php | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/packages/pkginfo.php b/packages/pkginfo.php
index 7cf1e5d..022f699 100644
--- a/packages/pkginfo.php
+++ b/packages/pkginfo.php
@@ -5,6 +5,17 @@ $uri_prefix = explode('/', $_SERVER['REQUEST_URI']);
 $uri_prefix = array_slice($uri_prefix, 0, -4);
 $uri_prefix = implode('/', $uri_prefix) . '/';
 
+if ((!array_key_exists('arch', $_GET) &&
+  !array_key_exists('repo_arch', $_GET)) ||
+  !array_key_exists('repo', $_GET) ||
+  !array_key_exists('pkgname', $_GET))
+  throw_http_error(422, 'Unprocessable Entity');
+
+if (!array_key_exists('repo_arch', $_GET)) {
+  $_GET['repo_arch'] = $_GET['arch'];
+  unset($_GET['arch']);
+}
+
 if (($_GET['repo']=='i686') || ($_GET['repo']=='i486') || ($_GET['repo']=='any')) {
   header('Location: /' . $_GET['repo'] . '/' . $_GET['repo_arch'] . '/' . $_GET['pkgname'] . '/');
   error_log('needed redirect URL: ' . $_SERVER['REQUEST_URI'] . ', HTTP_USER_AGENT: ' . $_SERVER['HTTP_USER_AGENT'] . ', HTTP_REFERER: ' . $_SERVER['HTTP_REFERER']);
@@ -40,11 +51,6 @@ require_once BASE . "/lib/style.php";
   else
     $skip_json_checks = true;
 
-  if (!array_key_exists("repo_arch",$_GET)) {
-    $_GET["repo_arch"] = $_GET["arch"];
-    unset($_GET["arch"]);
-  }
-
   if (!$skip_json_checks) {
     $json_content = json_decode(
       file_get_contents(
-- 
cgit v1.2.3