[interchange-cvs] interchange - racke modified 2 files

interchange-cvs at icdevgroup.org interchange-cvs at icdevgroup.org
Thu Aug 10 03:31:33 EDT 2006


User:      racke
Date:      2006-08-10 07:31:33 GMT
Modified:  .        WHATSNEW-5.5
Modified:  lib/Vend UserDB.pm
Log:
New validchars option to customize valid characters for usernames.

Revision  Changes    Path
1.14      +12 -4     interchange/WHATSNEW-5.5


rev 1.14, prev_rev 1.13
Index: WHATSNEW-5.5
===================================================================
RCS file: /var/cvs/interchange/WHATSNEW-5.5,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- WHATSNEW-5.5	9 Aug 2006 12:18:08 -0000	1.13
+++ WHATSNEW-5.5	10 Aug 2006 07:31:33 -0000	1.14
@@ -13,10 +13,6 @@
 Core
 ----
 
-* Fixed UserDB login issues within embedded Perl by using
-  Vend::Util::string_to_ref for deserialization of carts and other 
-  hashes.  
-
 * Removed odd formatting from --add entry in interchange manual page.
 
 * Fixed a DoS exploit. A carefully crafted HTTP POST request could cause
@@ -45,6 +41,18 @@
 * Terminate search if mv_min_string condition isn't met.
 
 * Make [sql-quote] list tag to work properly with multiple lines.
+
+UserDB
+------
+
+* Fixed UserDB login issues within embedded Perl by using
+  Vend::Util::string_to_ref for deserialization of carts and other 
+  hashes.  
+
+* New validchars option to customize valid characters for usernames, e.g.
+  adding the + character to the list of valid characters:
+
+  UserDB    default    validchars "-A-Za-z0-9_ at .+"
 
 UserTag
 -------



2.47      +5 -4      interchange/lib/Vend/UserDB.pm


rev 2.47, prev_rev 2.46
Index: UserDB.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/UserDB.pm,v
retrieving revision 2.46
retrieving revision 2.47
diff -u -r2.46 -r2.47
--- UserDB.pm	6 Aug 2006 19:51:38 -0000	2.46
+++ UserDB.pm	10 Aug 2006 07:31:33 -0000	2.47
@@ -1,6 +1,6 @@
 # Vend::UserDB - Interchange user database functions
 #
-# $Id: UserDB.pm,v 2.46 2006/08/06 19:51:38 mheins Exp $
+# $Id: UserDB.pm,v 2.47 2006/08/10 07:31:33 racke Exp $
 #
 # Copyright (C) 2002-2005 Interchange Development Group
 # Copyright (C) 1996-2002 Red Hat, Inc.
@@ -17,7 +17,7 @@
 
 package Vend::UserDB;
 
-$VERSION = substr(q$Revision: 2.46 $, 10);
+$VERSION = substr(q$Revision: 2.47 $, 10);
 
 use vars qw!
 	$VERSION
@@ -272,6 +272,7 @@
 			LAST   		=> '',
 			USERMINLEN	=> $options{userminlen}	|| 2,
 			PASSMINLEN	=> $options{passminlen}	|| 4,
+			VALIDCHARS	=> $options{validchars} ? ('[' . $options{validchars} . ']') : $USERNAME_GOOD_CHARS,
 			CRYPT  		=> defined $options{'crypt'}
 							? $options{'crypt'}
 							: ! $::Variable->{MV_NO_CRYPT},
@@ -1185,7 +1186,7 @@
 		}
 
 		# Username must contain only valid characters
-		if ($self->{USERNAME} !~ m{^$USERNAME_GOOD_CHARS+$}) {
+		if ($self->{USERNAME} !~ m{^$self->{VALIDCHARS}+$}) {
 			$self->log_either(errmsg("Denied attempted login for user name '%s' with illegal characters",
 				$self->{USERNAME}));
 			die $stock_error, "\n";
@@ -1639,7 +1640,7 @@
 		}
 		die errmsg("Can't have '%s' as username; it contains illegal characters.",
 			$self->{USERNAME}) . "\n"
-			if $self->{USERNAME} !~ m{^$USERNAME_GOOD_CHARS+$};
+			if $self->{USERNAME} !~ m{^$$self->{VALIDCHARS}+$};
 		die errmsg("Must have at least %s characters in username.",
 			$self->{USERMINLEN}) . "\n"
 			if length($self->{USERNAME}) < $self->{USERMINLEN};








More information about the interchange-cvs mailing list