[aur-dev] [PATCH 1/2] pkgsubmit.php: Simplify package name validation

Lukas Fleischer archlinux at cryptocrack.de
Tue Mar 5 07:35:26 EST 2013


Remove redundant filters -- single quotes are already removed in
$pkgbuild_new and we do not pass the package name to a shell
(additionally, the regular expression already checks for potentially
evil characters).

Also, move the $pkg_name extraction up to fix the split package check.

Signed-off-by: Lukas Fleischer <archlinux at cryptocrack.de>
---
 web/html/pkgsubmit.php | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index fefb31e..685d5cb 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -268,19 +268,13 @@ if ($uid):
 			}
 		}
 
-		# Now we've parsed the pkgbuild, let's move it to where it belongs
-		if (!$error && $pkg_name[0] == '(') {
-			$error = __("Error - The AUR does not support split packages!");
-		}
-
+		# Validate package name
 		if (!$error) {
-			$pkg_name = str_replace("'", "", $new_pkgbuild['pkgname']);
-			$pkg_name = escapeshellarg($pkg_name);
-			$pkg_name = str_replace("'", "", $pkg_name);
-
-			$presult = preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name);
-
-			if (!$presult) {
+			$pkg_name = $new_pkgbuild['pkgname'];
+			if ($pkg_name[0] == '(') {
+				$error = __("Error - The AUR does not support split packages!");
+			}
+			if (!preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name)) {
 				$error = __("Invalid name: only lowercase letters are allowed.");
 			}
 		}
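Review bot: The two new checks inside `if (!$error)` are separate `if` statements, so a pkgname beginning with `(` sets the split-package error and then also fails the `preg_match`, which overwrites `$error` with "Invalid name: only lowercase letters are allowed." As written, the split-package message can never reach the user. Making the second check an `elseif`, or guarding it with `!$error`, would fix this. With `escapeshellarg()` and the quote stripping gone, the regular expression is the only filter on `$pkg_name`, and `$` in PCRE also matches just before a trailing newline. If the parsed value can end in "\n" it will pass, so anchor with `\z` or add the `D` modifier. `$pkg_name[0]` also assumes the parsed pkgname is a non-empty string; an explicit empty check before indexing would avoid relying on that.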
-- 
1.8.2.rc2.352.g908df73


