[MRM-819]

added validation to allow only alphanumeric, '.', '-' and '_' characters for repo group id git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@660472 13f79535-47bb-0310-9956-ffa450edef68
2008-05-27 11:38:22 +00:00 · 2008-05-27 11:38:22 +00:00 · 67de1cbc3b
parent 9afc627e10
commit 67de1cbc3b
1 changed files with 24 additions and 6 deletions
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/RepositoryGroupsAction.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/RepositoryGroupsAction.java
@ -21,6 +21,9 @@ package org.apache.maven.archiva.web.action.admin.repositories;

 import java.util.List;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import javax.servlet.http.HttpServletRequest;

 import com.opensymphony.webwork.interceptor.ServletRequestAware;
@ -60,6 +63,8 @@ public class RepositoryGroupsAction
     */
    private String baseUrl;
    
+    private static final Pattern REPO_GROUP_ID_PATTERN = Pattern.compile( "[A-Za-z0-9\\._\\-]+" ); 
+    
    public void setServletRequest( HttpServletRequest request )
    {
        this.baseUrl = ContextUtils.getBaseURL( request, "repository" );
@ -81,6 +86,25 @@ public class RepositoryGroupsAction

        String repoGroupId = repositoryGroup.getId();
        
+        if( repoGroupId == null || "".equals( repoGroupId.trim() ) )
+        {
+            addActionError( "Identifier field is required." );
+            return ERROR;
+        }
+        
+        if( repoGroupId.length() > 100 )
+        {
+            addActionError( "Identifier [" + repoGroupId + "] is over the maximum limit of 100 characters" );
+            return ERROR;
+        }
+                
+        Matcher matcher = REPO_GROUP_ID_PATTERN.matcher( repoGroupId );        
+        if( !matcher.matches() )
+        {
+            addActionError( "Invalid character(s) found in identifier. Only the following characters are allowed: alphanumeric, '.', '-' and '_'" );
+            return ERROR;
+        }
+        
        if ( StringUtils.isBlank( repoGroupId ) )
        {
        	addActionError( "You must enter a repository group id." );
@ -105,12 +129,6 @@ public class RepositoryGroupsAction
                    + "], that id already exists as a remote repository." );
            return ERROR;
        }
-        
-        if( repoGroupId.length() > 100 )
-        {
-            addActionError( "Identifier [" + repoGroupId + "] is over the maximum limit of 100 characters" );
-            return ERROR;
-        }
            
        configuration.addRepositoryGroup( repositoryGroup );
        return saveConfiguration( configuration );