From 4bb6e8874237d6b81b46bbaf5726d6f15790594b Mon Sep 17 00:00:00 2001
From: Lukas Fleischer
Date: Tue, 5 Mar 2013 11:07:31 +0100
Subject: pkgsubmit.php: Simplify package name validation

Remove redundant filters -- single quotes are already removed in $pkgbuild_new and we do not pass the package name to a shell (additionally, the regular expression already checks for potentially evil characters). Also, move the $pkg_name extraction up to fix the split package check.
Signed-off-by: Lukas Fleischer
---
 web/html/pkgsubmit.php | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)
(limited to 'web')
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index fefb31e..685d5cb 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -268,19 +268,13 @@ if ($uid):
 }
 }
 
- # Now we've parsed the pkgbuild, let's move it to where it belongs
- if (!$error && $pkg_name[0] == '(') {
- $error = __("Error - The AUR does not support split packages!");
- }
-
+ # Validate package name
 if (!$error) {
- $pkg_name = str_replace("'", "", $new_pkgbuild['pkgname']);
- $pkg_name = escapeshellarg($pkg_name);
- $pkg_name = str_replace("'", "", $pkg_name);
-
- $presult = preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name);
-
- if (!$presult) {
+ $pkg_name = $new_pkgbuild['pkgname'];
+ if ($pkg_name[0] == '(') {
+ $error = __("Error - The AUR does not support split packages!");
+ }
+ if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name)) {
 $error = __("Invalid name: only lowercase letters are allowed.");
 }
 }
-- 
cgit v1.2.3-70-g09d2
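Review bot: The `preg_match()` on the new side is now the only filter on `$pkg_name`, and in PCRE a bare `$` also matches just before a final newline, so a name ending in a line feed would still pass; adding the `D` modifier, `"/^[a-z0-9][a-z0-9\.+_-]*$/D"`, makes the end anchor strict. Whether the PKGBUILD parser can produce such a value is not visible here, so treat this as defence in depth for the later uses of the name, which lie outside the hunk in the `if ($uid):` block. The split-package message is also never shown: a name starting with `(` fails the regex as well, and because the second test is a plain `if` it overwrites `$error` with the "Invalid name" text. Chaining the two checks as `} elseif (!preg_match(...)) {` keeps the intended message.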