author | Lukas Fleischer <archlinux@cryptocrack.de> | 2013-03-05 11:07:31 +0100 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2013-03-05 13:26:35 +0100 |
commit | 4bb6e8874237d6b81b46bbaf5726d6f15790594b (patch) | |
tree | fadd234032e46f7f23a157194a6c0c1740912f17 | |
parent | 6dc61e7d9e87ad6821869dab61e5f005af2e0252 (diff) | |
download | aurweb-4bb6e8874237d6b81b46bbaf5726d6f15790594b.tar.xz |
pkgsubmit.php: Simplify package name validation
Remove redundant filters -- single quotes are already removed in
$pkgbuild_new and we do not pass the package name to a shell
(additionally, the regular expression already checks for potentially
evil characters).
Also, move the $pkg_name extraction up to fix the split package check.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r-- | web/html/pkgsubmit.php | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index fefb31e..685d5cb 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -268,19 +268,13 @@ if ($uid):
 }
 }
- # Now we've parsed the pkgbuild, let's move it to where it belongs
- if (!$error && $pkg_name[0] == '(') {
- $error = __("Error - The AUR does not support split packages!");
- }
-
+ # Validate package name
 if (!$error) {
- $pkg_name = str_replace("'", "", $new_pkgbuild['pkgname']);
- $pkg_name = escapeshellarg($pkg_name);
- $pkg_name = str_replace("'", "", $pkg_name);
-
- $presult = preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name);
-
- if (!$presult) {
+ $pkg_name = $new_pkgbuild['pkgname'];
+ if ($pkg_name[0] == '(') {
+ $error = __("Error - The AUR does not support split packages!");
+ }
+ if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name)) {
 $error = __("Invalid name: only lowercase letters are allowed.");
 }
 }
|
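Review bot: With the escapeshellarg()/str_replace() passes removed, the preg_match() inside the new `if (!$error)` block is the only gate on `$pkg_name`, and its `$` anchor also matches just before a trailing newline, so a name ending in "\n" would still be accepted; anchoring with `\z` (or adding the `D` modifier) closes that, e.g. `if (!preg_match('/^[a-z0-9][a-z0-9.+_-]*\z/', $pkg_name)) {`. Whether the PKGBUILD parser can actually yield a newline in pkgname is not visible in this hunk, so treat this as hardening of the sole remaining filter. Separately, the second `if` is not an `elseif`, so a name starting with `(` sets the split-package error and then has it overwritten by "Invalid name", because `(` never matches the pattern; `} elseif (!preg_match(...)) {` would keep the intended message. `$pkg_name[0]` also assumes `$new_pkgbuild['pkgname']` is set and non-empty, which nothing in the hunk establishes; the enclosing `if ($uid):` block starts and ends outside the hunk.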