external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

pkgsubmit.php: Simplify package name validation

Browse source 
Remove redundant filters -- single quotes are already removed in
$pkgbuild_new and we do not pass the package name to a shell
(additionally, the regular expression already checks for potentially
evil characters).

Also, move the $pkg_name extraction up to fix the split package check.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2013-03-05 11:07:31 +01:00
parent 6dc61e7d9e
commit 4bb6e88742
1 changed files with 6 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
web/html/pkgsubmit.php
View file

@ -268,19 +268,13 @@ if ($uid):
} }
} }
# Now we've parsed the pkgbuild, let's move it to where it belongs # Validate package name
if (!$error && $pkg_name[0] == '(') {
$error = __("Error - The AUR does not support split packages!");
}
if (!$error) { if (!$error) {
$pkg_name = str_replace("'", "", $new_pkgbuild['pkgname']); $pkg_name = $new_pkgbuild['pkgname'];
$pkg_name = escapeshellarg($pkg_name); if ($pkg_name[0] == '(') {
$pkg_name = str_replace("'", "", $pkg_name); $error = __("Error - The AUR does not support split packages!");
}
$presult = preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name); if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name)) {
if (!$presult) {
$error = __("Invalid name: only lowercase letters are allowed."); $error = __("Invalid name: only lowercase letters are allowed.");
} }
} }