Posted to commits@archiva.apache.org by oc...@apache.org on 2008/05/27 13:38:23 UTC

svn commit: r660472 - /archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/RepositoryGroupsAction.java

Author: oching
Date: Tue May 27 04:38:22 2008
New Revision: 660472

URL: http://svn.apache.org/viewvc?rev=660472&view=rev
Log:
[MRM-819]
added validation to allow only alphanumeric, '.', '-' and '_' characters for repo group id

Modified:
    archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/RepositoryGroupsAction.java

Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/RepositoryGroupsAction.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/RepositoryGroupsAction.java?rev=660472&r1=660471&r2=660472&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/RepositoryGroupsAction.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/RepositoryGroupsAction.java Tue May 27 04:38:22 2008
@@ -21,6 +21,9 @@
 
 import java.util.List;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import javax.servlet.http.HttpServletRequest;
 
 import com.opensymphony.webwork.interceptor.ServletRequestAware;
@@ -60,6 +63,8 @@
      */
     private String baseUrl;
     
+    private static final Pattern REPO_GROUP_ID_PATTERN = Pattern.compile( "[A-Za-z0-9\\._\\-]+" ); 
+    
     public void setServletRequest( HttpServletRequest request )
     {
         this.baseUrl = ContextUtils.getBaseURL( request, "repository" );
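Review bot: `REPO_GROUP_ID_PATTERN` accepts ids made only of punctuation, such as `.`, `..` or `-`, because every allowed character may appear in any position. If the group id is later used as a URL path segment or a directory name (the `repository` base URL set just below suggests it may be, but that use is outside this hunk), such values should be rejected. Requiring an alphanumeric first character would do it: `Pattern.compile( "[A-Za-z0-9][A-Za-z0-9._\\-]*" )`. The constant also has no comment; something like `// repo group ids: alphanumeric start, then alphanumerics, '.', '_' or '-'` would record the intent. The enclosing class continues outside the hunk.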
@@ -81,6 +86,25 @@
 
         String repoGroupId = repositoryGroup.getId();
         
+        if( repoGroupId == null || "".equals( repoGroupId.trim() ) )
+        {
+            addActionError( "Identifier field is required." );
+            return ERROR;
+        }
+        
+        if( repoGroupId.length() > 100 )
+        {
+            addActionError( "Identifier [" + repoGroupId + "] is over the maximum limit of 100 characters" );
+            return ERROR;
+        }
+                
+        Matcher matcher = REPO_GROUP_ID_PATTERN.matcher( repoGroupId );        
+        if( !matcher.matches() )
+        {
+            addActionError( "Invalid character(s) found in identifier. Only the following characters are allowed: alphanumeric, '.', '-' and '_'" );
+            return ERROR;
+        }
+        
         if ( StringUtils.isBlank( repoGroupId ) )
         {
         	addActionError( "You must enter a repository group id." );
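Review bot: The 100-character check runs before the character whitelist and its message concatenates the raw `repoGroupId`, so an over-long id containing markup is echoed into the action error before anything has constrained its content; whether the view escapes action errors is not visible here. Running the `REPO_GROUP_ID_PATTERN` check first, or dropping the value from the message as in `addActionError( "Identifier is over the maximum limit of 100 characters" );`, removes that dependency. The new null/empty guard also makes the following `StringUtils.isBlank( repoGroupId )` branch unreachable, so one of the two should be removed. The enclosing method starts and ends outside the hunk.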
@@ -105,12 +129,6 @@
                     + "], that id already exists as a remote repository." );
             return ERROR;
         }
-        
-        if( repoGroupId.length() > 100 )
-        {
-            addActionError( "Identifier [" + repoGroupId + "] is over the maximum limit of 100 characters" );
-            return ERROR;
-        }
             
         configuration.addRepositoryGroup( repositoryGroup );
         return saveConfiguration( configuration );