[X2Go-Commits] [x2goserver] 01/08: x2goserver/lib/x2go{sqlitewrapper.pl, utils.pm}: allow arbitrary-length user names, user names starting with digits and drop $ as a valid user name character. Fixes: #1229.

[git-admin at x2go.org]

This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch release/4.0.1.x
in repository x2goserver.

commit 780622ac76ed677e3c59aa65a6e487062e2ec31e
Author: Mihai Moldovan <ionic at ionic.de>
Date:   Wed Nov 1 06:47:37 2017 +0100

    x2goserver/lib/x2go{sqlitewrapper.pl,utils.pm}: allow arbitrary-length user names, user names starting with digits and drop $ as a valid user name character. Fixes: #1229.
---
 debian/changelog                    |  3 +++
 x2goserver/lib/x2gosqlitewrapper.pl | 10 ++++------
 x2goserver/lib/x2goutils.pm         | 10 ++++------
 3 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 4d63a80..19045ff 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -46,6 +46,9 @@ x2goserver (4.0.1.21-0x2go1) UNRELEASED; urgency=medium
     - x2goserver/{bin/x2golistshadowsessions,
       lib/x2go{dbwrapper.pm,sqlitewrapper.pl}}: backport listshadowsessions*
       DB functions and unmark them as FIXME entries.
+    - x2goserver/lib/x2go{sqlitewrapper.pl,utils.pm}: allow arbitrary-length
+      user names, user names starting with digits and drop $ as a valid user
+      name character. Fixes: #1229.
   * x2goserver.spec:
     - Add mandatory perl-generators Build-Requires as per
       https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl
diff --git a/x2goserver/lib/x2gosqlitewrapper.pl b/x2goserver/lib/x2gosqlitewrapper.pl
index 4604c6e..49afad6 100755
--- a/x2goserver/lib/x2gosqlitewrapper.pl
+++ b/x2goserver/lib/x2gosqlitewrapper.pl
@@ -61,13 +61,11 @@ sub sanitizer {
 			return $string;
 		} else {return 0;}
 	} elsif ($type eq "x2gosid") {
-		$string =~ s/[^a-zA-Z0-9\_\-\$\.\@]//g;
-		if ($string =~ /^([a-zA-Z0-9\_\-\$\.\@]*)$/) {
+		$string =~ s/[^a-zA-Z0-9\.\_\-\@]//g;
+		if ($string =~ /^([a-zA-Z0-9\.\_\-\@]*)$/) {
 			$string = $1;
-			if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/) {
-				if ((length($1) > 0) and (length($1) < 48)){
-					return $string;
-				} else {return 0;}
+			if ($string =~ /^([a-zA-Z0-9\.\_][a-zA-Z0-9\.\_\-\@]*)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\.\_\-]*\_dp[\d]{1,2}$/) {
+				return $string;
 			} else {return 0;}
 		} else {return 0;}
 	} elsif ($type eq "SOMETHINGELSE") {
diff --git a/x2goserver/lib/x2goutils.pm b/x2goserver/lib/x2goutils.pm
index 9104f77..ebbcf2e 100644
--- a/x2goserver/lib/x2goutils.pm
+++ b/x2goserver/lib/x2goutils.pm
@@ -40,13 +40,11 @@ sub sanitizer {
 			return $string;
 		} else {return 0;}
 	} elsif ($type eq "x2gosid") {
-		$string =~ s/[^a-zA-Z0-9\_\-\$\.\@]//g;
-		if ($string =~ /^([a-zA-Z0-9\_\-\$\.\@]*)$/) {
+		$string =~ s/[^a-zA-Z0-9\.\_\-\@]//g;
+		if ($string =~ /^([a-zA-Z0-9\.\_\-\@]*)$/) {
 			$string = $1;
-			if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/) {
-				if ((length($1) > 0) and (length($1) < 48)){
-					return $string;
-				} else {return 0;}
+			if ($string =~ /^([a-zA-Z0-9\.\_][a-zA-Z0-9\.\_\-\@]*)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\.\_\-]*\_dp[\d]{1,2}$/) {
+				return $string;
 			} else {return 0;}
 		} else {return 0;}
 	} elsif ($type eq "SOMETHINGELSE") {

--
Alioth's /srv/git/code.x2go.org/x2goserver.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goserver.git