[ic] Form variable names with dashes don't work with profile checks

Mike Heins mikeh at endpoint.com
Fri May 27 15:39:25 UTC 2016


Quoting Mike Heins (mike at heins.com):
> Quoting Jon Jensen (jon at endpoint.com):
> > On Fri, 27 May 2016, Peter wrote:
> > 
> > >It seems that if you have a form variable with dashes in it (not
> > >underscores) and attempt to run a profile check on it, do_check() parses
> > >out only that part of the variable name after the final dash.  This is
> > >due to the regexp which parses the profile line in do_check():
> > >
> > >               elsif ($parameter =~ /(\w+)[\s=]+(.*)/) {
> > >
> > >...since dash is not included in word characters it won't parse out as
> > >part of the profile name.
> > >
> > >Is there any reason why the above line can't be changed to:
> > >
> > >               elsif ($parameter =~ /([\w-]+)[\s=]+(.*)/) {
> > >
> > >...and should we allow even additional characters?
> > >
> > >The reason this is coming up is because I'm adding a profile check for
> > >recaptchas, and the recaptcha system uses "g-recaptcha-response" for the
> > >form name.
> > 
> > Hmm. That makes sense, and I'm kind of surprised we haven't run into
> > other similar situations before, but maybe people have just worked
> > around it by doing form validation other ways if the form parameters
> > didn't match ^\w+$ instead of worrying about this.
> > 
> > It feels a little risky to mess with this part of the code at all
> > since there aren't many profile check tests in the test catalog, so
> > I would suggest we just additionally allow the - character you need,
> > and nothing more for now.
> 
> We could also make it a regex pattern that can be changed via a variable or
> directive.

Proposed change pushed. Tested inline in module, not in real world, but
should be safe.

-- 
Mike Heins
End Point -- Expert Internet Consulting    http://www.endpoint.com/
phone +1.765.253.4194  <mikeh at endpoint.com>

An amateur practices until he gets it right. A pro
practices until he can't get it wrong. -- unknown
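
What the two patterns quoted in the thread extract from the same profile lines, as an added example that is not part of the original messages or of Interchange's own code. The profile lines, the check names and the `parse_line` helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The two patterns quoted in the thread.
my %patterns = (
    original => qr/(\w+)[\s=]+(.*)/,
    proposed => qr/([\w-]+)[\s=]+(.*)/,
);

# Constructed profile lines (sample input, not taken from a real catalog).
my @lines = (
    'email=required',
    'g-recaptcha-response=required',
    'ship-to-zip = required',
);

# Hypothetical helper: return the (field, check) pair a pattern
# extracts from one profile line, or an empty list if it does not match.
sub parse_line {
    my ($re, $line) = @_;
    return $line =~ $re ? ($1, $2) : ();
}

for my $line (@lines) {
    # The field name as written: everything before the first '=' or space.
    my ($intended) = $line =~ /^([^\s=]+)/;

    for my $name (sort keys %patterns) {
        my ($field, $check) = parse_line($patterns{$name}, $line);

        # Neither pattern is anchored, so a match can start mid-name and
        # bind the check to a different form variable than the one intended.
        my $status = !defined $field     ? 'NO MATCH'
                   : $field eq $intended ? 'ok'
                   :                       'WRONG FIELD';

        printf "%-30s %-9s field=%-21s check=%-9s %s\n",
            $line, $name, $field // '-', $check // '-', $status;
    }
}
```

With the original pattern the dashed names are reported as `WRONG FIELD` (`response` and `zip`), so the check is silently applied to a variable other than the one the profile names; the proposed pattern binds it to the full name.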


