diff options
| author | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-08-05 23:52:03 +0200 |
|---|---|---|
| committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-08-06 00:00:33 +0200 |
| commit | 237a4570e2a2bbfd39520886f56c5240e6ed4bec (patch) | |
| tree | bdba5a5fd0f92d7e0ea9e57d8066f5b81bafe3d3 /web/html | |
| parent | 13693fbdbc9c6625c627d3364cd00949461a61c6 (diff) | |
| download | aur-237a4570e2a2bbfd39520886f56c5240e6ed4bec.tar.gz aur-237a4570e2a2bbfd39520886f56c5240e6ed4bec.tar.xz | |
Add PCRE_DOLLAR_ENDONLY to preg_match()
When using preg_match() to check for a match that starts at the
beginning of the string and ends at the last character of the string, we
do not want to allow an additional newline character to sneak in.
Amongst other potential loopholes, adding the PCRE_DOLLAR_ENDONLY
modifier prevents users from registering with user names that end with a
newline character.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html')
| -rw-r--r-- | web/html/pkgsubmit.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index 7d894256..8a48df2a 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -193,7 +193,7 @@ if ($uid): /* Validate package base name. */ if (!$error) { $pkgbase_name = $pkgbase_info['pkgbase']; - if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkgbase_name)) { + if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $pkgbase_name)) { $error = __("Invalid name: only lowercase letters are allowed."); } @@ -209,7 +209,7 @@ if ($uid): /* Validate package names. */ $pkg_name = $pi['pkgname']; - if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name)) { + if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $pkg_name)) { $error = __("Invalid name: only lowercase letters are allowed."); break; } |