mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 09:42:41 +01:00
phorge-phorge/src/applications/diviner
epriestley 969d0c3e8d Use "\z" instead of "$" to anchor validating regular expressions
Summary:
Via HackerOne. In regular expressions, "$" matches "end of input, or before terminating newline". This means that the expression `/^A$/` matches two strings: `"A"`, and `"A\n"`.

When we care about this, use `\z` instead, which matches "end of input" only.

This allowed registration of `"username\n"` and similar.

Test Plan:
  - Grepped codebase for all calls to `preg_match()` / `preg_match_all()`.
  - Fixed the ones where this seemed like it could have an impact.
  - Added and executed unit tests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8516
2014-03-13 12:42:41 -07:00
application Give Diviner a non-legacy root controller 2014-03-05 13:07:50 -08:00
atom Use "\z" instead of "$" to anchor validating regular expressions 2014-03-13 12:42:41 -07:00
atomizer Various linter fixes. 2014-02-26 12:44:58 -08:00
cache Add a ref cache and index construction to Diviner 2013-02-17 15:40:11 -08:00
controller Minor improvements to Diviner layout 2014-03-10 17:59:13 -07:00
markup Generate PHP function documentation in Diviner 2013-08-27 03:14:00 -07:00
phid Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
publisher Link and summarize methods in the "Tasks" view of a Diviner class 2013-09-08 09:12:33 -07:00
query Make Diviner's "advanced search" a little less derp 2014-03-05 16:45:21 -08:00
renderer Link and summarize methods in the "Tasks" view of a Diviner class 2013-09-08 09:12:33 -07:00
storage Minor improvements to Diviner layout 2014-03-10 17:59:13 -07:00
view Policy, Status in PHUIHeaderView 2013-09-17 09:12:37 -07:00
workflow Use "\z" instead of "$" to anchor validating regular expressions 2014-03-13 12:42:41 -07:00