Mercurial > noffle

diff src/group.c @ 249:0340b9c17edc noffle
[svn] *** empty log message ***
author: mirkol
date: Tue, 14 May 2002 15:25:45 +0100
parents: 6eb6c912a0e4
children: 93d5d8b098da
--- a/src/group.c	Tue Mar 26 17:52:48 2002 +0000
+++ b/src/group.c	Tue May 14 15:25:45 2002 +0100
@@ -7,7 +7,7 @@
   loadGrp() and saveGrp(). This is done transparently. Access to the groups
   database is done by group name, by the functions defined in group.h.        
 
-  $Id: group.c 374 2002-03-15 10:49:56Z bears $
+  $Id: group.c 381 2002-05-14 14:25:45Z mirkol $
 */
 
 #if HAVE_CONFIG_H
@@ -416,16 +416,19 @@
 Grp_isValidGroupName( const char *name)
 {
     const char *pname, *ppat;
-    const char *illegalchars = "\t\n\r,";  /* Are there any other illegal characters? */
+    const char *illegalchars = "\t\n\r,/:\\";  /* Are there any other dangerous characters? */
 
     /* Find directory prefixes to prevent exploits. */
     switch ( name[0] )
     {
         case '.':   /* prevent noffle -C ../fetchlist */
-        case '/':   /* prevent noffle -C /etc/noffle.conf */
-        case ':':
-        case '\\':
-        return FALSE; /* group name invalid */
+        case '+':  
+        case '-':       /* reserved for internal use of implementations 
+                         * rf. draft-ietf-usefor-article-06.txt, ch 5.5.1 */
+            return FALSE; /* group name invalid */
+            break;
+        default:
+            break;
     }
 
     /* Find illegal characters. */
@@ -442,6 +445,24 @@
         else
             pname += 3;
     }
+    
+   /* Find "ctl", "ctl.*", "*.ctl" or "*.ctl.*"  */
+    pname = name;
+    while ( ( ppat = strstr( pname, "ctl" ) ) != NULL )
+    {
+        if ( ( ppat == name || *(ppat - 1) == '.'  )
+             && ( *(ppat+4) == '\0' || *(ppat+4) == '.' ) )
+            return FALSE;
+        else
+            pname += 3;
+    }
+    /* Find some special groups and hierarchies. */
+    if ( !( strcmp( name, "poster" ) && strcmp( name, "junk" )
+       && strcmp( name, "control" ) && strcmp( name, "to" )
+       && strncmp( name, "control.", 8 ) && strncmp( name, "to.", 3 )
+       && strncmp( name, "example.", 8 ) ) )
+            return FALSE;
+
 
     /* Group name is hopefully valid. */   
     return TRUE;
author	mirkol
date	Tue, 14 May 2002 15:25:45 +0100
parents	6eb6c912a0e4
children	93d5d8b098da