From fb1149a382c8f29ff213a803cd11d83d41ac3a33 Mon Sep 17 00:00:00 2001
From: Ludovic <54670129+lbr38@users.noreply.github.com>
Date: Tue, 21 Jan 2025 17:22:13 +0100
Subject: [PATCH] patch
---
 www/controllers/Gpg.php | 22 ++++++++++++++--------
 www/controllers/Repo/Source/Rpm.php | 8 +++++---
 2 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/www/controllers/Gpg.php b/www/controllers/Gpg.php
index 2da78840..834315ff 100644
--- a/www/controllers/Gpg.php
+++ b/www/controllers/Gpg.php
@@ -306,6 +306,13 @@ public function import(string $gpgKeyUrl, string $gpgKeyFingerprint, string $gpg
 throw new Exception('Invalid URL');
 }
+ /**
+ * If the user specified a URL in the fingerprint field, quit
+ */
+ if (!empty($gpgKeyFingerprint) and preg_match('#^http(s)?://#', $gpgKeyFingerprint)) {
+ throw new Exception('Invalid fingerprint');
+ }
+
 try {
 /**
 * Import GPG key from URL
@@ -341,7 +348,7 @@ public function import(string $gpgKeyUrl, string $gpgKeyFingerprint, string $gpg
 /**
 * Import a file-based GPG key
 */
- private function importRawContent($fileContent) : array
+ private function importRawContent(string $fileContent) : array
 {
 /**
 * Quit if user tries to import a GPG from url
@@ -396,8 +403,7 @@ private function importRawContent($fileContent) : array
 }
 return $fingerprints;
- }
- finally {
+ } finally {
 /**
 * Delete temp file
 */
@@ -454,7 +460,7 @@ public function importFromUrl(string $url) : array
 curl_setopt($ch, CURLOPT_TIMEOUT, 5); // set timeout
 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); // follow redirect
 curl_setopt($ch, CURLOPT_ENCODING, ''); // use compression if any
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); // output content to return
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // output content to return
 /**
 * If a proxy has been specified
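Review bot: The fingerprint check added to `import()` is a denylist: it rejects only values beginning with lowercase `http://` or `https://`, so an upper-case scheme, a different scheme, or any other string that is not a fingerprint still passes this guard. If the field is only meant to hold a key fingerprint, validate the expected shape instead, for example `if (!empty($gpgKeyFingerprint) and !preg_match('/^[0-9A-Fa-f]{40}$/', $gpgKeyFingerprint)) {`, adjusting length and separators to the formats the importer accepts. How the fingerprint is used afterwards is not visible here, so confirm it is validated or escaped before it reaches any gpg invocation. The body of `import()` starts and ends outside the hunk.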
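Review bot: In `importFromUrl()` (hunk `@@ -454,7 +460,7`) the transfer follows redirects through `CURLOPT_FOLLOWLOCATION`, and no scheme restriction or redirect cap is visible in these lines, so a URL that passed the earlier check can still redirect the server-side fetch elsewhere. Unless it is already set outside the hunk, add `curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);`, `curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);` and `curl_setopt($ch, CURLOPT_MAXREDIRS, 3);`. Scheme limits do not prevent redirects to internal hosts; that needs a check on the resolved destination address. The method is public and its body extends beyond the hunk, so it presumably needs its own URL validation rather than relying on the one in `import()`.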
@@ -472,7 +478,8 @@ public function importFromUrl(string $url) : array
 */
 throw new Exception('curl error: ' . curl_error($ch));
 }
- elseif (empty($result)) {
+
+ if (empty($result)) {
 /**
 * If key is empty, meaning bad key
 */
@@ -494,11 +501,10 @@ public function importFromUrl(string $url) : array
 throw new Exception('file could not be downloaded (http return code is: ' . $status["http_code"] . ')');
 }
 }
- }
- finally {
+ } finally {
 curl_close($ch);
 }
-
+
 /**
 * Import GPG key
 */
diff --git a/www/controllers/Repo/Source/Rpm.php b/www/controllers/Repo/Source/Rpm.php
index 22cb520e..743dbcc7 100644
--- a/www/controllers/Repo/Source/Rpm.php
+++ b/www/controllers/Repo/Source/Rpm.php
@@ -28,9 +28,11 @@ public function addReleasever(int $id, string $name)
 /**
 * Check that a release version with the same name does not already exist
 */
- foreach ($currentParams['releasever'] as $releasever) {
- if ($releasever['name'] == $name) {
- throw new Exception('Release version ' . $name . ' already exists');
+ if (!empty($currentParams['releasever'])) {
+ foreach ($currentParams['releasever'] as $releasever) {
+ if ($releasever['name'] == $name) {
+ throw new Exception('Release version ' . $name . ' already exists');
+ }
 }
 }
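Review bot: The duplicate check in `addReleasever()` (hunk `@@ -28,9 +28,11` of Rpm.php) still compares with loose `==`, which compares two numeric-looking strings as numbers. `'8' == '8.0'` is true in PHP, so adding release version `8.0` would be rejected as a duplicate of an existing `8`. Use a strict comparison on the re-indented line: `if ($releasever['name'] === $name) {`. The new `!empty()` guard does not confirm the value is an array before the `foreach`; whether that matters depends on how `$currentParams` is built, which is outside the hunk.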