authorLukas Fleischer <archlinux@cryptocrack.de>2013-03-05 11:07:31 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2013-03-05 13:26:35 +0100
commit4bb6e8874237d6b81b46bbaf5726d6f15790594b (patch)
treefadd234032e46f7f23a157194a6c0c1740912f17
parent6dc61e7d9e87ad6821869dab61e5f005af2e0252 (diff)
downloadaurweb-4bb6e8874237d6b81b46bbaf5726d6f15790594b.tar.xz
pkgsubmit.php: Simplify package name validation
Remove redundant filters -- single quotes are already removed in $pkgbuild_new and we do not pass the package name to a shell (additionally, the regular expression already checks for potentially evil characters). Also, move the $pkg_name extraction up to fix the split package check. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r--web/html/pkgsubmit.php18
1 files changed, 6 insertions, 12 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index fefb31e..685d5cb 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -268,19 +268,13 @@ if ($uid):
}
}
- # Now we've parsed the pkgbuild, let's move it to where it belongs
- if (!$error && $pkg_name[0] == '(') {
- $error = __("Error - The AUR does not support split packages!");
- }
-
+ # Validate package name
if (!$error) {
- $pkg_name = str_replace("'", "", $new_pkgbuild['pkgname']);
- $pkg_name = escapeshellarg($pkg_name);
- $pkg_name = str_replace("'", "", $pkg_name);
-
- $presult = preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name);
-
- if (!$presult) {
+ $pkg_name = $new_pkgbuild['pkgname'];
+ if ($pkg_name[0] == '(') {
+ $error = __("Error - The AUR does not support split packages!");
+ }
+ if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name)) {
$error = __("Invalid name: only lowercase letters are allowed.");
}
}
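Review bot: With the `escapeshellarg`/`str_replace` filtering removed, the `preg_match` on the new side is the only check left on `$pkg_name`, and its `$` anchor also matches just before a trailing newline, so a name ending in a line feed would pass. Anchoring with `\z` (or adding the `D` modifier) closes that: `if (!preg_match('/^[a-z0-9][a-z0-9.+_-]*\z/', $pkg_name)) {`. Whether the PKGBUILD parser can actually hand over such a value is not visible in this hunk, so treat it as hardening of the one remaining filter. Separately, the two new `if`s run in sequence and a name starting with `(` also fails the regex, so the split-package message is always overwritten by "Invalid name"; making the second test `} elseif (!preg_match(...)) {` preserves it. The enclosing `if ($uid):` block starts and ends outside the hunk.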