From 6e63ed701b6edcd7fb0ede2cb5132449abe0f3be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@anarcat.ath.cx>
Date: Tue, 28 Nov 2006 00:56:51 +0000
Subject: [PATCH] use same regexp for allowed usernames as in the php code
 (m_admin::add_mem())

do not quote_meta in shell command, since all variables are now
considered safe

see #998
see #427
---
 src/mem_add | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/mem_add b/src/mem_add
index cebe5799..a57c2eae 100755
--- a/src/mem_add
+++ b/src/mem_add
@@ -13,7 +13,7 @@ if (!$name || !$uid) {
 $ENV{PATH} = "";
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
 
-if (!($name =~ /^([a-z0-9_\+\.-]+)$/)) {
+if (!($name =~ /^([a-z0-9]+)$/)) {
     die "Account name is incorrect.";
 }
 $name=$1;
@@ -28,8 +28,8 @@ $( = $);
 my $PTH="/var/alternc/html/".substr($name,0,1)."/".$name;
 
 mkdir($PTH);
-system("/bin/chown 33:$uid '".quotemeta($PTH)."'");
-system("/bin/chmod 02770 '".quotemeta($PTH)."'");
+system("/bin/chown 33:$uid '$PTH'");
+system("/bin/chmod 02770 '$PTH'");
 
 0;