Mercurial > noffle

diff src/group.c @ 228:1ad2602f57db noffle

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[svn] see Changelog Dec 18 2001
author mirkol
date Tue, 18 Dec 2001 15:27:08 +0000
parents 24d4cd032da5
children 6eb6c912a0e4
line wrap: on
line diff
--- a/src/group.c	Tue Dec 18 15:24:49 2001 +0000
+++ b/src/group.c	Tue Dec 18 15:27:08 2001 +0000
@@ -7,7 +7,7 @@
   loadGrp() and saveGrp(). This is done transparently. Access to the groups
   database is done by group name, by the functions defined in group.h.        
 
-  $Id: group.c 316 2001-10-31 11:44:53Z bears $
+  $Id: group.c 358 2001-12-18 15:27:08Z mirkol $
 */
 
 #if HAVE_CONFIG_H
@@ -411,3 +411,38 @@
     *name = cursor.dptr;
     return ( cursor.dptr != NULL );
 }
+
+Bool
+Grp_isValidGroupName( const char *name)
+{
+    const char *pname, *ppat;
+    const char *illegalchars = "\t\n\r,";  /* Are there any other illegal characters? */
+
+    /* Find directory prefixes to prevent exploits. */
+    switch ( name[0] )
+    {
+        case '.':   /* prevent noffle -C ../fetchlist */
+        case '/':   /* prevent noffle -C /etc/noffle.conf */
+        case ':':
+        case '\\':
+        return FALSE; /* group name invalid */
+    }
+
+    /* Find illegal characters. */
+    if ( strpbrk( name, illegalchars ) )
+        return FALSE;
+
+    /* Find "all", "all.*", "*.all" or "*.all.*"  */
+    pname = name;
+    while ( ppat = strstr( pname, "all" ) )
+    {
+        if ( ( ppat == name || *(ppat - 1) == '.'  )
+             && ( *(ppat+4) == '\0' || *(ppat+4) == '.' ) )
+            return FALSE;
+        else
+            pname += 3;
+    }
+
+    /* Group name is hopefully valid. */   
+    return TRUE;
+}