Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.10.15

Bug #5509 addDependecyGroup does not validate group name
Submitted: 2005-09-24 14:50 UTC
From: schst Assigned: cellog
Status: Closed Package: PEAR
PHP Version: Irrelevant OS: Debian
Roadmaps: (Not assigned)    
Subscription  
Comments Add Comment Add patch


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 42 + 22 = ?

 
 [2005-09-24 14:50 UTC] schst
Description: ------------ The addDependencyGroup() method in PackageFile/v2/rw.php does not validate the group name. So PEAR_PAckageFileManager will add the group and the PEAR installer will complain after releasing the package that the group name is not valid. A patch (untested) is available at http://pear.php-tools.net/diffs/pear-addDependencyGroup.diff Test script: --------------- $package = new PEAR_PackageFileManager2(); $package->addDependencyGroup("invalid-group", "This cannot be used"); Expected result: ---------------- Raising a PEAR_Error Actual result: -------------- No error raised.

Comments

 [2005-09-25 12:50 UTC] pajoye
A "fix" will require a bit more that your patch provides. PEAR_Validate::validGroupName only valids agains a regexp. --Pierre
 [2005-09-25 14:43 UTC] schst
But it validates exactly against the same regexp that is used while installing the package. BTW: You are one of the maintainers, feel free to fix it for real and don't complain about my patch... I don't care about the internals of the installer as long as it works. All I did was check, whether its easy to fix for me and attached a patch. If this is not all that's needed I'm sure Greg will fix it for good. He already emailed me that he will fix it for PEAR 1.41.
 [2005-09-25 17:17 UTC] cellog
Stephan: you have the right idea, this should be validated at package time, but the place to do validation is inside PEAR_PackageFile_v2_Validator, so I'll stick it in there. This will therefore have the desired effect by preventing creation of the package.xml in the first place from PPFM
 [2005-09-25 17:26 UTC] cellog
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.