1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-29 08:50:58 +01:00
phorge-phorge/src/applications/diffusion/ssh
epriestley 969d0c3e8d Use "\z" instead of "$" to anchor validating regular expressions
Summary:
Via HackerOne. In regular expressions, "$" matches "end of input, or before terminating newline". This means that the expression `/^A$/` matches two strings: `"A"`, and `"A\n"`.

When we care about this, use `\z` instead, which matches "end of input" only.

This allowed registration of `"username\n"` and similar.

Test Plan:
  - Grepped codebase for all calls to `preg_match()` / `preg_match_all()`.
  - Fixed the ones where this seemed like it could have an impact.
  - Added and executed unit tests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8516
2014-03-13 12:42:41 -07:00
..
__tests__ Added some additional assertion methods. 2014-03-08 19:16:21 -08:00
DiffusionSSHGitReceivePackWorkflow.php Install pre-commit hooks in Git repositories 2013-12-02 15:45:36 -08:00
DiffusionSSHGitUploadPackWorkflow.php Install pre-commit hooks in Git repositories 2013-12-02 15:45:36 -08:00
DiffusionSSHGitWorkflow.php Wait for the Git client to disconnect before exiting in Git SSH workflows 2013-11-11 12:27:28 -08:00
DiffusionSSHMercurialServeWorkflow.php Support Mercurial pretxnchangegroup hooks 2013-12-02 15:46:03 -08:00
DiffusionSSHMercurialWireClientProtocolChannel.php Enable Mercurial reads and writes over SSH 2013-11-11 12:18:27 -08:00
DiffusionSSHMercurialWorkflow.php Enable Mercurial reads and writes over SSH 2013-11-11 12:18:27 -08:00
DiffusionSSHSubversionServeWorkflow.php Use "\z" instead of "$" to anchor validating regular expressions 2014-03-13 12:42:41 -07:00
DiffusionSSHSubversionWorkflow.php Support serving SVN repositories over SSH 2013-11-11 12:19:06 -08:00
DiffusionSSHWorkflow.php Use "\z" instead of "$" to anchor validating regular expressions 2014-03-13 12:42:41 -07:00