revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-15 11:22:40 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/diffusion
History
epriestley 969d0c3e8d Use "\z" instead of "$" to anchor validating regular expressions 
Summary:
Via HackerOne. In regular expressions, "$" matches "end of input, or before terminating newline". This means that the expression `/^A$/` matches two strings: `"A"`, and `"A\n"`.

When we care about this, use `\z` instead, which matches "end of input" only.

This allowed registration of `"username\n"` and similar.

Test Plan:
  - Grepped codebase for all calls to `preg_match()` / `preg_match_all()`.
  - Fixed the ones where this seemed like it could have an impact.
  - Added and executed unit tests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8516
2014-03-13 12:42:41 -07:00
..
application Add a Diffusion repository remarkup rule 2013-12-31 11:08:08 -08:00
capability Add global "push" policy to Repositories 2013-10-29 15:32:40 -07:00
conduit Use "\z" instead of "$" to anchor validating regular expressions 2014-03-13 12:42:41 -07:00
config Specify an ssh port for Diffusion when running against the grain 2013-12-11 12:11:13 -08:00
controller Use "\z" instead of "$" to anchor validating regular expressions 2014-03-13 12:42:41 -07:00
data Remove DiffusionBranchInformation in favor of DiffusionRepositoryRef 2014-01-17 16:10:56 -08:00
doorkeeper Remove loadMemberPHIDs from PhabricatorProject 2013-10-06 17:07:08 -07:00
engine Apply "enormous changes" rules to pre-commit content rules too 2014-01-06 12:12:30 -08:00
events Various linter fixes. 2014-02-26 12:44:58 -08:00
exception Reject dangerous changes in Git repositories by default 2013-12-03 10:28:39 -08:00
herald Add "pusher is committer" to Herald as a pre-commit rule 2014-03-12 15:24:33 -07:00
panel Don't prompt to upgrade unset passwords 2014-02-20 08:12:04 -08:00
protocol Fix loop in svnserve workflow for large binaries 2013-12-18 17:48:29 -08:00
query Allow parenthesis in author name 2014-03-06 11:28:46 -08:00
remarkup Add a Diffusion repository remarkup rule 2013-12-31 11:08:08 -08:00
request Remove DiffusionBranchInformation in favor of DiffusionRepositoryRef 2014-01-17 16:10:56 -08:00
response Allow Phabricator to serve Mercurial repositories over HTTP 2013-11-06 18:00:42 -08:00
ssh Use "\z" instead of "$" to anchor validating regular expressions 2014-03-13 12:42:41 -07:00
view Remove DiffusionBranchInformation in favor of DiffusionRepositoryRef 2014-01-17 16:10:56 -08:00
DiffusionLintSaveRunner.php Fix the script that saves lint for a repo into the database and updates diffusion. 2014-03-11 13:07:45 -07:00