Commit 8398e931 authored by Leigh Stoller's avatar Leigh Stoller

Do not allow underscore in group names. Not sure how we managed

to allow this for so long given than underscores are not legal in
DNS names.
parent 58584cf2
......@@ -778,6 +778,7 @@ REPLACE INTO table_regex VALUES ('experiments','sync_server','text','redirect','
REPLACE INTO table_regex VALUES ('groups','project','text','redirect','projects:pid',0,0,NULL);
REPLACE INTO table_regex VALUES ('groups','pid_idx','text','redirect','projects:pid_idx',0,0,NULL);
REPLACE INTO table_regex VALUES ('groups','gid','text','regex','^[a-zA-Z][-\\w]+$',2,32,NULL);
REPLACE INTO table_regex VALUES ('groups','newgid','text','regex','^[a-zA-Z][-a-zA-Z0-9]+$',2,32,NULL);
REPLACE INTO table_regex VALUES ('groups','gid_idx','text','regex','^[\\d]+$',1,12,NULL);
REPLACE INTO table_regex VALUES ('groups','group_id','text','redirect','groups:gid',2,32,NULL);
REPLACE INTO table_regex VALUES ('groups','group_leader','text','redirect','users:uid',2,8,NULL);
......
use strict;
use libdb;
sub DoUpdate($$$)
{
my ($dbhandle, $dbname, $version) = @_;
DBQueryFatal("REPLACE INTO table_regex VALUES ".
" ('groups','newgid','text','regex', ".
" '^[a-zA-Z][-a-zA-Z0-9]+\$',2,32,NULL)");
return 0;
}
# Local Variables:
# mode:perl
# End:
......@@ -135,7 +135,8 @@ function Do_CreateGroup()
}
}
# Group Name.
if (!TBvalid_gid($formfields["group_id"])) {
# XXX Ack, gids are just like pids; no underscore.
if (!TBvalid_newgid($formfields["group_id"])) {
$errors["group_id"] = $DBFieldErrstr;
}
else {
......
<?php
#
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
# Copyright (c) 2000-2017 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -221,6 +221,11 @@ function TBvalid_newpid($token) {
return TBcheck_dbslot($token, "projects", "newpid",
TBDB_CHECKDBSLOT_WARN|TBDB_CHECKDBSLOT_ERROR);
}
# Ditto groups table wrt underscores.
function TBvalid_newgid($token) {
return TBcheck_dbslot($token, "groups", "newgid",
TBDB_CHECKDBSLOT_WARN|TBDB_CHECKDBSLOT_ERROR);
}
function TBvalid_gid($token) {
return TBcheck_dbslot($token, "groups", "gid",
TBDB_CHECKDBSLOT_WARN|TBDB_CHECKDBSLOT_ERROR);
......
<?php
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# Copyright (c) 2000-2017 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -212,6 +212,10 @@ if (isset($formfields["project"]) &&
}
if (isset($formfields["group_id"]) && $formfields["group_id"] != "") {
$args["group_id"] = $formfields["group_id"];
# Check here, easier.
if (! TBvalid_newgid($formfields["group_id"])) {
$errors["group_id"] = $DBFieldErrstr;
}
}
if (isset($formfields["group_description"]) &&
$formfields["group_description"] != "") {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment