Add PCRE_DOLLAR_ENDONLY to preg_match()

When using preg_match() to check for a match that starts at the beginning of the string and ends at the last character of the string, we do not want to allow an additional newline character to sneak in. Amongst other potential loopholes, adding the PCRE_DOLLAR_ENDONLY modifier prevents users from registering with user names that end with a newline character. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
author: Lukas Fleischer <archlinux@cryptocrack.de> 2014-08-05 23:52:03 +0200
committer: Lukas Fleischer <archlinux@cryptocrack.de> 2014-08-06 00:00:33 +0200
commit: 237a4570e2a2bbfd39520886f56c5240e6ed4bec (patch)
tree: bdba5a5fd0f92d7e0ea9e57d8066f5b81bafe3d3 /web/lib/acctfuncs.inc.php
parent: 13693fbdbc9c6625c627d3364cd00949461a61c6 (diff)
download: aurweb-237a4570e2a2bbfd39520886f56c5240e6ed4bec.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 254f0e2..e3ff494 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -544,7 +544,7 @@ function valid_username($user) {
 	if (strlen($user) < USERNAME_MIN_LEN ||
 	    strlen($user) > USERNAME_MAX_LEN) {
 		return false;
-	} else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/i", $user)) {
+	} else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/Di", $user)) {
 		return false;
 	}
author	Lukas Fleischer <archlinux@cryptocrack.de>	2014-08-05 23:52:03 +0200
committer	Lukas Fleischer <archlinux@cryptocrack.de>	2014-08-06 00:00:33 +0200
commit	237a4570e2a2bbfd39520886f56c5240e6ed4bec (patch)
tree	bdba5a5fd0f92d7e0ea9e57d8066f5b81bafe3d3 /web/lib/acctfuncs.inc.php
parent	13693fbdbc9c6625c627d3364cd00949461a61c6 (diff)
download	aurweb-237a4570e2a2bbfd39520886f56c5240e6ed4bec.tar.xz