2 files changed, 11 insertions, 3 deletions

diff --git a/web/html/pkgreq.php b/web/html/pkgreq.php
index 03b31b8..ccb0acd 100644
--- a/web/html/pkgreq.php
+++ b/web/html/pkgreq.php
@@ -9,9 +9,17 @@ set_lang();
 check_sid();
 
 if (isset($base_id)) {
+	if (!has_credential(CRED_PKGREQ_FILE)) {
+		header('Location: /');
+		exit();
+	}
 	html_header(__("File Request"));
 	include('pkgreq_form.php');
 } elseif (isset($pkgreq_id)) {
+	if (!has_credential(CRED_PKGREQ_CLOSE)) {
+		header('Location: /');
+		exit();
+	}
 	html_header(__("Close Request"));
 	$pkgbase_name = pkgreq_get_pkgbase_name($pkgreq_id);
 	include('pkgreq_close_form.php');
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index eac95a3..e1963de 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -202,7 +202,7 @@ if ($uid):
 		/* Validate package base name. */
 		if (!$error) {
 			$pkgbase_name = $pkgbase_info['pkgbase'];
-			if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkgbase_name)) {
+			if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $pkgbase_name)) {
 				$error = __("Invalid name: only lowercase letters are allowed.");
 			}
 
@@ -218,7 +218,7 @@ if ($uid):
 
 			/* Validate package names. */
 			$pkg_name = $pi['pkgname'];
-			if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name)) {
+			if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $pkg_name)) {
 				$error = __("Invalid name: only lowercase letters are allowed.");
 				break;
 			}
@@ -393,7 +393,7 @@ if ($uid):
 			 * notification list.
 			 */
 			if ($was_orphan) {
-				pkgbase_notify(account_from_sid($_COOKIE["AURSID"]), array($base_id), true);
+				pkgbase_notify(array($base_id), true);
 			}
 
 			end_atomic_commit();