[interchange-cvs] interchange - racke modified 2 files
interchange-cvs at icdevgroup.org
interchange-cvs at icdevgroup.org
Thu Aug 10 03:31:33 EDT 2006
User: racke
Date: 2006-08-10 07:31:33 GMT
Modified: . WHATSNEW-5.5
Modified: lib/Vend UserDB.pm
Log:
New validchars option to customize valid characters for usernames.
Revision Changes Path
1.14 +12 -4 interchange/WHATSNEW-5.5
rev 1.14, prev_rev 1.13
Index: WHATSNEW-5.5
===================================================================
RCS file: /var/cvs/interchange/WHATSNEW-5.5,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- WHATSNEW-5.5 9 Aug 2006 12:18:08 -0000 1.13
+++ WHATSNEW-5.5 10 Aug 2006 07:31:33 -0000 1.14
@@ -13,10 +13,6 @@
Core
----
-* Fixed UserDB login issues within embedded Perl by using
- Vend::Util::string_to_ref for deserialization of carts and other
- hashes.
-
* Removed odd formatting from --add entry in interchange manual page.
* Fixed a DoS exploit. A carefully crafted HTTP POST request could cause
@@ -45,6 +41,18 @@
* Terminate search if mv_min_string condition isn't met.
* Make [sql-quote] list tag to work properly with multiple lines.
+
+UserDB
+------
+
+* Fixed UserDB login issues within embedded Perl by using
+ Vend::Util::string_to_ref for deserialization of carts and other
+ hashes.
+
+* New validchars option to customize valid characters for usernames, e.g.
+ adding the + character to the list of valid characters:
+
+ UserDB default validchars "-A-Za-z0-9_ at .+"
UserTag
-------
2.47 +5 -4 interchange/lib/Vend/UserDB.pm
rev 2.47, prev_rev 2.46
Index: UserDB.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/UserDB.pm,v
retrieving revision 2.46
retrieving revision 2.47
diff -u -r2.46 -r2.47
--- UserDB.pm 6 Aug 2006 19:51:38 -0000 2.46
+++ UserDB.pm 10 Aug 2006 07:31:33 -0000 2.47
@@ -1,6 +1,6 @@
# Vend::UserDB - Interchange user database functions
#
-# $Id: UserDB.pm,v 2.46 2006/08/06 19:51:38 mheins Exp $
+# $Id: UserDB.pm,v 2.47 2006/08/10 07:31:33 racke Exp $
#
# Copyright (C) 2002-2005 Interchange Development Group
# Copyright (C) 1996-2002 Red Hat, Inc.
@@ -17,7 +17,7 @@
package Vend::UserDB;
-$VERSION = substr(q$Revision: 2.46 $, 10);
+$VERSION = substr(q$Revision: 2.47 $, 10);
use vars qw!
$VERSION
@@ -272,6 +272,7 @@
LAST => '',
USERMINLEN => $options{userminlen} || 2,
PASSMINLEN => $options{passminlen} || 4,
+ VALIDCHARS => $options{validchars} ? ('[' . $options{validchars} . ']') : $USERNAME_GOOD_CHARS,
CRYPT => defined $options{'crypt'}
? $options{'crypt'}
: ! $::Variable->{MV_NO_CRYPT},
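Review bot: The `validchars` value on the added `VALIDCHARS` line is placed between `[` and `]` verbatim and later interpolated into the username patterns, so a value that contains `]`, starts with `^` or ends in a backslash silently changes the class or breaks the pattern instead of being rejected. This class is the only character filter applied to user names in the login and account-creation hunks below, so a mistyped setting could widen what is accepted without any error. I would validate the option where the object is built, for example by refusing values that match `/\]|\A\^|\\\z/`, and report the bad setting through `errmsg`. The documentation should also state that the value is raw character-class syntax. The hash constructor this line sits in starts and ends outside the hunk.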
@@ -1185,7 +1186,7 @@
}
# Username must contain only valid characters
- if ($self->{USERNAME} !~ m{^$USERNAME_GOOD_CHARS+$}) {
+ if ($self->{USERNAME} !~ m{^$self->{VALIDCHARS}+$}) {
$self->log_either(errmsg("Denied attempted login for user name '%s' with illegal characters",
$self->{USERNAME}));
die $stock_error, "\n";
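Review bot: The rewritten check `m{^$self->{VALIDCHARS}+$}` still ends in `$`, which also matches just before a trailing newline, so a user name that ends in a newline passes the character filter; the account-creation check in the `@@ -1639,7 +1640,7 @@` hunk uses the same anchors. Anchoring with `\A` and `\z` closes that gap: `if ($self->{USERNAME} !~ m{\A$self->{VALIDCHARS}+\z}) {`. The rejected name is also handed to `log_either` unchanged, so any control characters in it presumably reach the log line; escaping them before logging would keep entries unambiguous. The enclosing login routine starts and ends outside the hunk.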
@@ -1639,7 +1640,7 @@
}
die errmsg("Can't have '%s' as username; it contains illegal characters.",
$self->{USERNAME}) . "\n"
- if $self->{USERNAME} !~ m{^$USERNAME_GOOD_CHARS+$};
+ if $self->{USERNAME} !~ m{^$$self->{VALIDCHARS}+$};
die errmsg("Must have at least %s characters in username.",
$self->{USERMINLEN}) . "\n"
if length($self->{USERNAME}) < $self->{USERMINLEN};
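Review bot: The added line reads `$$self->{VALIDCHARS}` where the login hunk reads `$self->{VALIDCHARS}`. The doubled sigil makes Perl dereference `$self` as a scalar reference first, so this looks like a typo that would make the new-account check fail at run time (or not apply the configured class) instead of validating the name. It should read `if $self->{USERNAME} !~ m{^$self->{VALIDCHARS}+$};`. A test that creates one account with a valid name and one with an invalid name would catch this. The enclosing routine starts and ends outside the hunk.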