[Fusionforge-commits] r9582 - in trunk/gforge: common/frs common/include deb-specific

Roland Mas lolando at libremir.placard.fr.eu.org
Fri Apr 23 10:56:54 CEST 2010


Author: lolando
Date: 2010-04-23 10:56:54 +0200 (Fri, 23 Apr 2010)
New Revision: 9582

Modified:
   trunk/gforge/common/frs/FRSFile.class.php
   trunk/gforge/common/frs/FRSPackage.class.php
   trunk/gforge/common/include/utils.php
   trunk/gforge/deb-specific/fileforge.pl
Log:
Also allow ~ in filenames for the FRS, for *.deb files

Modified: trunk/gforge/common/frs/FRSFile.class.php
===================================================================
--- trunk/gforge/common/frs/FRSFile.class.php	2010-04-23 08:56:45 UTC (rev 9581)
+++ trunk/gforge/common/frs/FRSFile.class.php	2010-04-23 08:56:54 UTC (rev 9582)
@@ -94,7 +94,7 @@
 			return false;
 		}
 		if (!util_is_valid_filename($name)) {
-			$this->setError(_('Filename can only be alphanumeric and "-" "_" "." characters.'));
+			$this->setError(_('Filename can only be alphanumeric and "-" "_" "+" "." "~" characters.'));
 			return false;
 		}
 //

Modified: trunk/gforge/common/frs/FRSPackage.class.php
===================================================================
--- trunk/gforge/common/frs/FRSPackage.class.php	2010-04-23 08:56:45 UTC (rev 9581)
+++ trunk/gforge/common/frs/FRSPackage.class.php	2010-04-23 08:56:54 UTC (rev 9582)
@@ -137,7 +137,7 @@
 			return false;
 		}
 		if (!util_is_valid_filename($name)) {
-			$this->setError(_('FRSPackage::Update: Package Name can only be alphanumeric'));
+			$this->setError(_('FRSPackage::Update: Package Name can only be alphanumeric or "-" "_" "+" "." "~"'));
 		}
 		$perm =& $this->Group->getPermission( session_get_user() );
 

Modified: trunk/gforge/common/include/utils.php
===================================================================
--- trunk/gforge/common/include/utils.php	2010-04-23 08:56:45 UTC (rev 9581)
+++ trunk/gforge/common/include/utils.php	2010-04-23 08:56:54 UTC (rev 9582)
@@ -829,7 +829,7 @@
  */
 function util_is_valid_filename ($file) {
 	//bad char test
-	$invalidchars = eregi_replace("[-A-Z0-9+_\. ]","",$file);
+	$invalidchars = eregi_replace("[-A-Z0-9+_\. ~]","",$file);
 
 	if (!empty($invalidchars)) {
 		return false;

Modified: trunk/gforge/deb-specific/fileforge.pl
===================================================================
--- trunk/gforge/deb-specific/fileforge.pl	2010-04-23 08:56:45 UTC (rev 9581)
+++ trunk/gforge/deb-specific/fileforge.pl	2010-04-23 08:56:54 UTC (rev 9582)
@@ -49,8 +49,8 @@
     $dirty_group = $ARGV [2] ;
 
     # Check and untaint $user and $file here
-    $file = &wash_string ($dirty_file, "file") ;
-    $user = &wash_string ($dirty_user, "user") ;
+    $file = &wash_string ($dirty_file, "file", 1) ;
+    $user = &wash_string ($dirty_user, "user", 0) ;
 
     # Compute source file name
     $src_file = $homedir_prefix ;
@@ -59,7 +59,7 @@
     $src_file .= $file ;
 
     # Check and untaint $group here
-    $group = &wash_string ($dirty_group, "group") ;
+    $group = &wash_string ($dirty_group, "group", 0) ;
 
     # Compute and test destination dir name
     $dest_dir = "/var/lib/gforge/download/" ;
@@ -94,9 +94,9 @@
     $dirty_user = $ARGV [2] ;
 
     # Check and untaint variables here
-    $file = &wash_string ($dirty_file, "file") ;
-    $real_file = &wash_string ($dirty_real_file, "real_file") ;
-    $user = &wash_string ($dirty_user, "user") ;
+    $file = &wash_string ($dirty_file, "file", 1) ;
+    $real_file = &wash_string ($dirty_real_file, "real_file", 1) ;
+    $user = &wash_string ($dirty_user, "user", 0) ;
 
     # Compute source file name
     $src_file = "/tmp/" ;
@@ -136,15 +136,23 @@
 sub wash_string {
     my $string = shift ;
     my $name = shift ;
+    my $allowtilde = shift ;
 
     # Empty strings are not allowed
     if (length $string == 0) {
 	die "Forbidden empty $name '$string'" ;
     }
     
-    # Only allowed characters are alphanumerical . + _ -
-    if ($string =~ m,[^\w.+_-],) {
-	die "Forbidden characters in $name '$string'" ;
+    if ($allowtilde) {
+	# Only allowed characters are alphanumerical . + _ - ~
+	if ($string =~ m,[^\w.+_~-],) {
+		die "Forbidden characters in $name '$string'" ;
+	}
+    } else {
+	# Only allowed characters are alphanumerical . + _ -
+	if ($string =~ m,[^\w.+_-],) {
+		die "Forbidden characters in $name '$string'" ;
+	}
     }
 
     # No .. sequence is allowed




More information about the Fusionforge-commits mailing list