Homec4science

Use "\z" instead of "$" to anchor validating regular expressions

Authored by epriestley <git@epriestley.com> on Mar 13 2014, 20:42.

Description

Use "\z" instead of "$" to anchor validating regular expressions

Summary:
Via HackerOne. In regular expressions, "$" matches "end of input, or before terminating newline". This means that the expression /^A$/ matches two strings: "A", and "A\n".

When we care about this, use \z instead, which matches "end of input" only.

This allowed registration of "username\n" and similar.

Test Plan:

  • Grepped codebase for all calls to preg_match() / preg_match_all().
  • Fixed the ones where this seemed like it could have an impact.
  • Added and executed unit tests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8516

Details

Committed
epriestley <git@epriestley.com>Mar 13 2014, 20:42
Pushed
aubortJan 31 2017, 17:16
Parents
rPH58877a9b6c9d: Fix some collateral damage from SSH Keypair generation
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH969d0c3e8de2: Use "\z" instead of "$" to anchor validating regular expressions (authored by epriestley <git@epriestley.com>).Mar 13 2014, 20:42