Commit 237a4570 authored by Lukas Fleischer's avatar Lukas Fleischer

Add PCRE_DOLLAR_ENDONLY to preg_match()



When using preg_match() to check for a match that starts at the
beginning of the string and ends at the last character of the string, we
do not want to allow an additional newline character to sneak in.
Amongst other potential loopholes, adding the PCRE_DOLLAR_ENDONLY
modifier prevents users from registering with user names that end with a
newline character.

Signed-off-by: default avatarLukas Fleischer <archlinux@cryptocrack.de>
parent 13693fbd
......@@ -193,7 +193,7 @@ if ($uid):
/* Validate package base name. */
if (!$error) {
$pkgbase_name = $pkgbase_info['pkgbase'];
if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkgbase_name)) {
if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $pkgbase_name)) {
$error = __("Invalid name: only lowercase letters are allowed.");
}
......@@ -209,7 +209,7 @@ if ($uid):
/* Validate package names. */
$pkg_name = $pi['pkgname'];
if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name)) {
if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $pkg_name)) {
$error = __("Invalid name: only lowercase letters are allowed.");
break;
}
......
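Review bot: The package-name pattern `/^[a-z0-9][a-z0-9\.+_-]*$/D` is now repeated verbatim in both hunks of this file and again in the `pkgreq_file()` hunk, so any future tightening has to find and patch every copy, as this commit had to. A single helper (name hypothetical), for example `function valid_pkgname($name) { return preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $name) === 1; }`, would keep the three checks from drifting apart. The message `Invalid name: only lowercase letters are allowed.` also understates the rule, since the character class accepts digits and `.+_-` as well. Both `if` blocks sit inside code that starts and ends outside the visible hunks.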
......@@ -544,7 +544,7 @@ function valid_username($user) {
if (strlen($user) < USERNAME_MIN_LEN ||
strlen($user) > USERNAME_MAX_LEN) {
return false;
} else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/i", $user)) {
} else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/Di", $user)) {
return false;
}
......
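Review bot: In `valid_username()` the end anchor still depends on `$` plus the `D` modifier, and PCRE ignores `D` whenever `m` is also set, so the trailing-newline gap could reopen if the modifiers are edited later. Writing the anchors as `\A` and `\z`, as in `preg_match("/\A[a-z0-9]+[.\-_]?[a-z0-9]+\z/i", $user)`, puts the intent in the pattern itself; the same applies to the package-name checks in the other hunks. A one-line comment above the check, such as `/* No trailing newline allowed: "name\n" must not validate. */`, would also keep the modifier from being dropped as noise. The function body continues outside the hunk, so its remaining checks were not reviewed.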
......@@ -91,7 +91,7 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
global $AUR_REQUEST_ML;
global $AUTO_ORPHAN_AGE;
if (!empty($merge_into) && !preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $merge_into)) {
if (!empty($merge_into) && !preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $merge_into)) {
return array(false, __("Invalid name: only lowercase letters are allowed."));
}
......