This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch release/4.0.1.x in repository x2goserver. commit 780622ac76ed677e3c59aa65a6e487062e2ec31e Author: Mihai Moldovan <ionic@ionic.de> Date: Wed Nov 1 06:47:37 2017 +0100 x2goserver/lib/x2go{sqlitewrapper.pl,utils.pm}: allow arbitrary-length user names, user names starting with digits and drop $ as a valid user name character. Fixes: #1229. --- debian/changelog | 3 +++ x2goserver/lib/x2gosqlitewrapper.pl | 10 ++++------ x2goserver/lib/x2goutils.pm | 10 ++++------ 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/debian/changelog b/debian/changelog index 4d63a80..19045ff 100644 --- a/debian/changelog +++ b/debian/changelog @@ -46,6 +46,9 @@ x2goserver (4.0.1.21-0x2go1) UNRELEASED; urgency=medium - x2goserver/{bin/x2golistshadowsessions, lib/x2go{dbwrapper.pm,sqlitewrapper.pl}}: backport listshadowsessions* DB functions and unmark them as FIXME entries. + - x2goserver/lib/x2go{sqlitewrapper.pl,utils.pm}: allow arbitrary-length + user names, user names starting with digits and drop $ as a valid user + name character. Fixes: #1229. * x2goserver.spec: - Add mandatory perl-generators Build-Requires as per https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl diff --git a/x2goserver/lib/x2gosqlitewrapper.pl b/x2goserver/lib/x2gosqlitewrapper.pl index 4604c6e..49afad6 100755 --- a/x2goserver/lib/x2gosqlitewrapper.pl +++ b/x2goserver/lib/x2gosqlitewrapper.pl @@ -61,13 +61,11 @@ sub sanitizer { return $string; } else {return 0;} } elsif ($type eq "x2gosid") { - $string =~ s/[^a-zA-Z0-9\_\-\$\.\@]//g; - if ($string =~ /^([a-zA-Z0-9\_\-\$\.\@]*)$/) { + $string =~ s/[^a-zA-Z0-9\.\_\-\@]//g; + if ($string =~ /^([a-zA-Z0-9\.\_\-\@]*)$/) { $string = $1; - if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/) { - if ((length($1) > 0) and (length($1) < 48)){ - return $string; - } else {return 0;} + if ($string =~ /^([a-zA-Z0-9\.\_][a-zA-Z0-9\.\_\-\@]*)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\.\_\-]*\_dp[\d]{1,2}$/) { + return $string; } else {return 0;} } else {return 0;} } elsif ($type eq "SOMETHINGELSE") { diff --git a/x2goserver/lib/x2goutils.pm b/x2goserver/lib/x2goutils.pm index 9104f77..ebbcf2e 100644 --- a/x2goserver/lib/x2goutils.pm +++ b/x2goserver/lib/x2goutils.pm @@ -40,13 +40,11 @@ sub sanitizer { return $string; } else {return 0;} } elsif ($type eq "x2gosid") { - $string =~ s/[^a-zA-Z0-9\_\-\$\.\@]//g; - if ($string =~ /^([a-zA-Z0-9\_\-\$\.\@]*)$/) { + $string =~ s/[^a-zA-Z0-9\.\_\-\@]//g; + if ($string =~ /^([a-zA-Z0-9\.\_\-\@]*)$/) { $string = $1; - if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/) { - if ((length($1) > 0) and (length($1) < 48)){ - return $string; - } else {return 0;} + if ($string =~ /^([a-zA-Z0-9\.\_][a-zA-Z0-9\.\_\-\@]*)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\.\_\-]*\_dp[\d]{1,2}$/) { + return $string; } else {return 0;} } else {return 0;} } elsif ($type eq "SOMETHINGELSE") { -- Alioth's /srv/git/code.x2go.org/x2goserver.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goserver.git