Page MenuHomePhabricator

Use "\z" instead of "$" to anchor validating regular expressions
ClosedPublic

Authored by epriestley on Mar 13 2014, 2:18 PM.
Tags
None
Referenced Files
F15458134: D8516.id20205.diff
Sun, Mar 30, 9:04 PM
F15457731: D8516.diff
Sun, Mar 30, 6:15 PM
F15456800: D8516.id.diff
Sun, Mar 30, 12:18 PM
F15456138: D8516.id20207.diff
Sun, Mar 30, 7:17 AM
F15455964: D8516.id20206.diff
Sun, Mar 30, 6:02 AM
F15452778: D8516.diff
Sat, Mar 29, 7:14 AM
F15437052: D8516.id20205.diff
Tue, Mar 25, 5:11 PM
F15427604: D8516.id20207.diff
Sun, Mar 23, 3:10 PM
Subscribers

Details

Summary

Via HackerOne. In regular expressions, "$" matches "end of input, or before terminating newline". This means that the expression /^A$/ matches two strings: "A", and "A\n".

When we care about this, use \z instead, which matches "end of input" only.

This allowed registration of "username\n" and similar.

Test Plan
  • Grepped codebase for all calls to preg_match() / preg_match_all().
  • Fixed the ones where this seemed like it could have an impact.
  • Added and executed unit tests.

Diff Detail

Repository
rP Phabricator
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

epriestley retitled this revision from to Use "\z" instead of "$" to anchor validating regular expressions.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.
btrahan edited edge metadata.
This revision is now accepted and ready to land.Mar 13 2014, 5:38 PM
epriestley updated this revision to Diff 20210.

Closed by commit rP969d0c3e8de2 (authored by @epriestley).