From c6d4e259fb06544ee39b5899754038df705b3e73 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 16 Feb 2010 12:21:51 +0000
Subject: [PATCH] Add the 'D'-modifier to all regex'es that match the full
 string.

By default '$' matches at the end of the string or immediately before a
trailing newline, which made it possible to append a newline to some
strings that should not have accepted one.

As far as I can tell, none of the errors presented a security problem.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2183 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Configuration.php          | 2 +-
 lib/SimpleSAML/Utilities.php              | 2 +-
 lib/SimpleSAML/XHTML/Template.php         | 2 +-
 modules/casserver/www/serviceValidate.php | 2 +-
 modules/casserver/www/validate.php        | 2 +-
 modules/logpeek/www/index.php             | 2 +-
 www/admin/test.php                        | 2 +-
 www/auth/login-feide.php                  | 6 +++---
 www/module.php                            | 4 ++--
 9 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/lib/SimpleSAML/Configuration.php b/lib/SimpleSAML/Configuration.php
index ba36047a9..61081c06f 100644
--- a/lib/SimpleSAML/Configuration.php
+++ b/lib/SimpleSAML/Configuration.php
@@ -335,7 +335,7 @@ class SimpleSAML_Configuration {
 	
 	
 	public function getBaseURL() {
-		if (preg_match('/^\*(.*)$/', $this->getString('baseurlpath', 'simplesaml/'), $matches)) {
+		if (preg_match('/^\*(.*)$/D', $this->getString('baseurlpath', 'simplesaml/'), $matches)) {
 			return SimpleSAML_Utilities::getFirstPathElement(false) . $matches[1];
 		}
 
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index ea3913029..dea9998d5 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -472,7 +472,7 @@ class SimpleSAML_Utilities {
 		assert('is_null($timestamp) || is_int($timestamp)');
 
 		/* Parse the duration. We use a very strict pattern. */
-		$durationRegEx = '#^(-?)P(?:(?:(?:(\\d+)Y)?(?:(\\d+)M)?(?:(\\d+)D)?(?:T(?:(\\d+)H)?(?:(\\d+)M)?(?:(\\d+)S)?)?)|(?:(\\d+)W))$#';
+		$durationRegEx = '#^(-?)P(?:(?:(?:(\\d+)Y)?(?:(\\d+)M)?(?:(\\d+)D)?(?:T(?:(\\d+)H)?(?:(\\d+)M)?(?:(\\d+)S)?)?)|(?:(\\d+)W))$#D';
 		if (!preg_match($durationRegEx, $duration, $matches)) {
 			throw new Exception('Invalid ISO 8601 duration: ' . $duration);
 		}
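Review bot: The pattern on the new line still accepts a bare `P` (and `PT`, `-P`, `-PT`), because every date/time component group is optional and only the `W` alternative requires a digit; a duration with no components is not valid ISO 8601, so the "very strict pattern" is slightly less strict than the comment claims. If the code after the match (outside the hunk) relies on at least one captured number, reject the empty forms explicitly after the match, e.g. `if (preg_match('#^-?PT?$#D', $duration)) throw new Exception('Invalid ISO 8601 duration: ' . $duration);`. A dangling `T` with no time components (`P1YT`) is also admitted; whether that matters depends on the caller. The function starts and ends outside the hunk.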
diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index d7716b5af..b0460e5be 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
@@ -252,7 +252,7 @@ class SimpleSAML_XHTML_Template {
 		}
 
 		/* Check whether we should use the default dictionary or a dictionary specified in the tag. */
-		if(substr($tag, 0, 1) === '{' && preg_match('/^{((?:\w+:)?\w+?):(.*)}$/', $tag, $matches)) {
+		if(substr($tag, 0, 1) === '{' && preg_match('/^{((?:\w+:)?\w+?):(.*)}$/D', $tag, $matches)) {
 			$dictionary = $matches[1];
 			$tag = $matches[2];
 		} else {
diff --git a/modules/casserver/www/serviceValidate.php b/modules/casserver/www/serviceValidate.php
index 4b767ede7..dde96ade3 100644
--- a/modules/casserver/www/serviceValidate.php
+++ b/modules/casserver/www/serviceValidate.php
@@ -91,7 +91,7 @@ function storeTicket($ticket, $path, &$value ) {
 
 function retrieveTicket($ticket, $path) {
 
-	if (!preg_match('/^_?[a-zA-Z0-9]+$/', $ticket)) throw new Exception('Invalid characters in ticket');
+	if (!preg_match('/^_?[a-zA-Z0-9]+$/D', $ticket)) throw new Exception('Invalid characters in ticket');
 
 	if (!is_dir($path)) 
 		throw new Exception('Directory for CAS Server ticket storage [' . $path . '] does not exists. ');
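Review bot: The character class on the new line is doing security work — `$ticket` presumably ends up as part of a filesystem path under `$path` further down (the function continues past the hunk) — but nothing in the code says so, and the `D` modifier looks incidental to a reader who has not seen this commit. A comment would keep the next maintainer from loosening it: `// The ticket becomes a file name below: allow only [_a-zA-Z0-9], and use 'D' so '$' cannot match before a trailing newline.` The same regex and function body also appear in validate.php; defining the check once in a shared module function would keep both copies in step.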
diff --git a/modules/casserver/www/validate.php b/modules/casserver/www/validate.php
index 9d01c5a84..27e847efe 100644
--- a/modules/casserver/www/validate.php
+++ b/modules/casserver/www/validate.php
@@ -72,7 +72,7 @@ function storeTicket($ticket, $path, &$value ) {
 
 function retrieveTicket($ticket, $path) {
 
-	if (!preg_match('/^_?[a-zA-Z0-9]+$/', $ticket)) throw new Exception('Invalid characters in ticket');
+	if (!preg_match('/^_?[a-zA-Z0-9]+$/D', $ticket)) throw new Exception('Invalid characters in ticket');
 
 	if (!is_dir($path)) 
 		throw new Exception('Directory for CAS Server ticket storage [' . $path . '] does not exists. ');
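Review bot: This `retrieveTicket` is a byte-for-byte copy of the one in serviceValidate.php, including the ticket regex on the new line; the two will drift apart the next time one of them is tightened, so the validation belongs in one shared helper that both scripts call. The `is_dir` exception two lines later embeds the server-side storage path in its message; if exceptions reach the client in this deployment (not visible here), that discloses a filesystem location, and logging the path while throwing a generic message would be safer. The rest of the function is outside the hunk.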
diff --git a/modules/logpeek/www/index.php b/modules/logpeek/www/index.php
index fbc5688a7..2389e31ea 100644
--- a/modules/logpeek/www/index.php
+++ b/modules/logpeek/www/index.php
@@ -1,7 +1,7 @@
 <?php
 
 function logFilter($objFile, $tag, $cut){
-	if (!preg_match('/^[a-f0-9]{10}$/', $tag)) throw new Exception('Invalid search tag');
+	if (!preg_match('/^[a-f0-9]{10}$/D', $tag)) throw new Exception('Invalid search tag');
 	
 	$i = 0;
 	$results = array();
diff --git a/www/admin/test.php b/www/admin/test.php
index 29905e6d1..cea34faf2 100644
--- a/www/admin/test.php
+++ b/www/admin/test.php
@@ -67,7 +67,7 @@ if (array_key_exists('protocol', $_GET)) {
 $attr_test = array();
 
 foreach ($_GET as $k => $v) {
-	if(preg_match('/^attr_test(?:_\d+)?$/', $k)) {
+	if(preg_match('/^attr_test(?:_\d+)?$/D', $k)) {
 		$pos = strpos($v, ':');
 		if($pos === FALSE) {
 			error('Invalid attribute test: $v');
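Review bot: The `error()` call on the last context line is single-quoted, so it prints the literal text `$v` instead of the offending value; `error('Invalid attribute test: ' . $v);` was presumably intended, assuming `error()` escapes what it outputs (this hunk does not show it). The key regex now rejects a trailing newline, but `$v` itself is taken from `$_GET` unchecked: a request such as `attr_test[]=x` makes `$v` an array, and on the PHP versions of the era `strpos()` on an array emits a warning and returns NULL, which is `!== FALSE` and so slips past the check. A type guard before the `strpos`, e.g. `if (!is_string($v)) { error('Invalid attribute test'); }`, would close that. The loop body continues outside the hunk.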
diff --git a/www/auth/login-feide.php b/www/auth/login-feide.php
index 8439c9aca..1680ee149 100644
--- a/www/auth/login-feide.php
+++ b/www/auth/login-feide.php
@@ -121,7 +121,7 @@ if (isset($_REQUEST['username'])) {
 		/*
 		 * Checking username parameter for illegal characters.
 		 */
-		if (!preg_match('/^[a-z0-9._]+(@[a-z0-9._]+)?$/', $requestedUser) ) 
+		if (!preg_match('/^[a-z0-9._]+(@[a-z0-9._]+)?$/D', $requestedUser) ) 
 			throw new Exception('Illegal characters in (or empty) username.');
 		
 		/*
@@ -143,7 +143,7 @@ if (isset($_REQUEST['username'])) {
 			$requestedOrg = strtolower($_REQUEST['org']);
 		}
 
-		if (!preg_match('/^[a-z0-9.]*$/', $requestedOrg) ) 
+		if (!preg_match('/^[a-z0-9.]*$/D', $requestedOrg) ) 
 			throw new Exception('Illegal characters in organization.');
 
 		if (!array_key_exists($requestedOrg, $ldaporgconfig))
@@ -159,7 +159,7 @@ if (isset($_REQUEST['username'])) {
 		
 		$password = $_REQUEST['password'];
 		
-		if (!preg_match('/^[a-zA-Z0-9.]+$/', $password) ) 
+		if (!preg_match('/^[a-zA-Z0-9.]+$/D', $password) ) 
 			throw new Exception('Illegal characters in password.');
 		
 		/*
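Review bot: The password check on the new line only tightens the end anchor; the restriction it enforces — a password may contain nothing but ASCII letters, digits and `.` — is the point worth revisiting, since it rejects spaces, punctuation and non-ASCII characters, pushes users toward weaker passwords, and the error message reveals the policy. If the filter exists to keep `$password` out of an LDAP DN or filter string (the bind happens outside the hunk), escaping the value at that boundary is the safer fix and leaves the password itself unrestricted. Separately, the value is read from `$_REQUEST`, so it may arrive in the query string (and thus in server and proxy logs) or a cookie; a login form should read `$_POST['password']`, and unlike `username` above it is read without an `isset` guard, so a missing field raises a notice before the regex rejects the empty string.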
diff --git a/www/module.php b/www/module.php
index 649b95c82..12bf3b5cb 100644
--- a/www/module.php
+++ b/www/module.php
@@ -129,7 +129,7 @@ try {
 		throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');
 	}
 
-	if (preg_match('#\.php$#', $path)) {
+	if (preg_match('#\.php$#D', $path)) {
 		/* PHP file - attempt to run it. */
 		$_SERVER['SCRIPT_NAME'] .= '/' . $module . '/' . $url;
 		require($path);
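Review bot: The decision whether to execute `$path` or hand it to the static-file branch rests on a case-sensitive `\.php$` test of a request-derived path; on a case-insensitive filesystem (Windows, default macOS) a request ending in `.PHP` resolves to the same file on disk but fails this test, so the script source would presumably be served as a static file by the code below (that branch and the earlier existence check are outside the hunk). `#\.php$#Di` is the minimal fix; the stronger one is to have the static branch serve only extensions listed in `$mimeTypes` and refuse everything else. A comment on the new line explaining why `D` is there — a trailing newline must not turn a `.php` path into a "static" file — would also help.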
@@ -140,7 +140,7 @@ try {
 
 	/* Find MIME type for file, based on extension. */
 	$contentType = NULL;
-	if (preg_match('#\.([^/]+)$#', $path, $type)) {
+	if (preg_match('#\.([^/]+)$#D', $path, $type)) {
 		$type = strtolower($type[1]);
 		if (array_key_exists($type, $mimeTypes)) {
 			$contentType = $mimeTypes[$type];
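Review bot: `\.([^/]+)$` captures everything after the first dot of the last path segment, so `jquery.min.js` yields `min.js` and `style.min.css` yields `min.css`, neither of which will be found in `$mimeTypes`; the file is then served with whatever fallback content type the code after the hunk chooses, which for scripts and stylesheets is likely wrong. Excluding dots from the class, `#\.([^./]+)$#D`, makes the capture the real extension. Whether a file with an unlisted extension should be served at all is a separate question; with `D` the match is now strict, but the fallback path (outside the hunk) is where a default-deny would go.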
-- 
GitLab