On 04/04/18 07:48, Eli Schwartz wrote:
> depends, provides, conflicts, replaces, and other variables that are meant to contain package names, are now checked to ensure:
> - the name component contains only characters that would equate to a valid pkgname.
> - the version component contains only characters that would equate to a valid pkgver.
> - comparison operator is a valid comparison operator (e.g. provides only allows exact = while optdepends doesn't allow anything)
>
> This also refactors pkgname into a shared utility function, wires up pkgbase optdepends and provides to use it, and gives pkgver a touchup to allow referencing where it was called from.
>
> Fixes FS#57833 and a bit of extra.

This looks OK. Quick testing showed it caught a couple of interesting cases without a false positive.