This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2goserver. commit da2ab9b1cd273e10d5c995db2eb3ac76aeff0c6a Author: Mihai Moldovan <ionic@ionic.de> Date: Wed Nov 1 06:47:37 2017 +0100 x2goserver/lib/x2go{sqlitewrapper.pl,utils.pm}: allow arbitrary-length user names, user names starting with digits and drop $ as a valid user name character. Fixes: #1229. Cherry-picked from release/4.0.1.x branch. X2Go/Utils.pm: backport user name regex changes. --- X2Go/Utils.pm | 18 +++++++----------- debian/changelog | 4 ++++ 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/X2Go/Utils.pm b/X2Go/Utils.pm index f47c5b8..7f9e0a5 100644 --- a/X2Go/Utils.pm +++ b/X2Go/Utils.pm @@ -121,21 +121,17 @@ sub sanitizer { return $string; } else {return 0;} } elsif ($type eq "pnixusername") { - $string =~ s/[^a-zA-Z0-9\_\-\.]//g; - if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.]{0,47}[\$]?)$/) { + $string =~ s/[^a-zA-Z0-9\.\_\-\@]//g; + if ($string =~ /^([a-zA-Z0-9\.\_][a-zA-Z0-9\.\_\-\@]*)$/) { $string = $1; - if ((length($1) > 0) and (length($1) < 48)){ - return $string; - } else {return 0;} + return $string; } else {return 0;} } elsif ($type eq "x2gosid") { - $string =~ s/[^a-zA-Z0-9\_\-\$\.\@]//g; - if ($string =~ /^([a-zA-Z0-9\_\-\$\.\@]*)$/) { + $string =~ s/[^a-zA-Z0-9\.\_\-\@]//g; + if ($string =~ /^([a-zA-Z0-9\.\_\-\@]*)$/) { $string = $1; - if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/) { - if ((length($1) > 0) and (length($1) < 48)){ - return $string; - } else {return 0;} + if ($string =~ /^([a-zA-Z0-9\.\_][a-zA-Z0-9\.\_\-\@]*)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\.\_\-]*\_dp[\d]{1,2}$/) { + return $string; } else {return 0;} } else {return 0;} } elsif ($type eq "SOMETHINGELSE") { diff --git a/debian/changelog b/debian/changelog index 0890dfa..dc814eb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -195,6 +195,7 @@ x2goserver (4.1.0.0-0x2go1.2) UNRELEASED; urgency=low debugging capabilities to POD. - README.md: whitespace fixes and typo correction. - X2Go/Server/DB/SQLite3.pm: fix command name in error messages. + - X2Go/Utils.pm: backport user name regex changes. * x2goserver.spec: - Only create session DB in x2goserver's post install script. Do use proper Requires(post) statements to make sure perl-X2Go-Server-DB and @@ -291,6 +292,9 @@ x2goserver (4.0.1.21-0x2go1) UNRELEASED; urgency=medium - x2goserver/{bin/x2golistshadowsessions, lib/x2go{dbwrapper.pm,sqlitewrapper.pl}}: backport listshadowsessions* DB functions and unmark them as FIXME entries. + - x2goserver/lib/x2go{sqlitewrapper.pl,utils.pm}: allow arbitrary-length + user names, user names starting with digits and drop $ as a valid user + name character. Fixes: #1229. * x2goserver.spec: - Add mandatory perl-generators Build-Requires as per https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl -- Alioth's /srv/git/code.x2go.org/x2goserver.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goserver.git