Add PCRE_DOLLAR_ENDONLY to preg_match()

When using preg_match() to check for a match that starts at the
beginning of the string and ends at the last character of the string, we
do not want to allow an additional newline character to sneak in.
Amongst other potential loopholes, adding the PCRE_DOLLAR_ENDONLY
modifier prevents users from registering with user names that end with a
newline character.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

web/html/pkgsubmit.php

@@ -193,7 +193,7 @@ if ($uid):
 		/* Validate package base name. */
 		if (!$error) {
 			$pkgbase_name = $pkgbase_info['pkgbase'];
-			if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkgbase_name)) {
+			if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $pkgbase_name)) {
 				$error = __("Invalid name: only lowercase letters are allowed.");
 			}
 
@@ -209,7 +209,7 @@ if ($uid):
 
 			/* Validate package names. */
 			$pkg_name = $pi['pkgname'];
-			if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name)) {
+			if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $pkg_name)) {
 				$error = __("Invalid name: only lowercase letters are allowed.");
 				break;
 			}

web/lib/acctfuncs.inc.php

@@ -544,7 +544,7 @@ function valid_username($user) {
 	if (strlen($user) < USERNAME_MIN_LEN ||
 	    strlen($user) > USERNAME_MAX_LEN) {
 		return false;
-	} else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/i", $user)) {
+	} else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/Di", $user)) {
 		return false;
 	}
 

web/lib/pkgreqfuncs.inc.php

@@ -91,7 +91,7 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
 	global $AUR_REQUEST_ML;
 	global $AUTO_ORPHAN_AGE;
 
-	if (!empty($merge_into) && !preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $merge_into)) {
+	if (!empty($merge_into) && !preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/D", $merge_into)) {
 		return array(false, __("Invalid name: only lowercase letters are allowed."));
 	}