Univention Bugzilla – Bug 47157
[4.2] HTTP-API import doesn't handle hyphen in class name
Last modified: 2018-07-04 18:07:50 CEST
Backport to UCS@school 4.2.
+++ This bug was initially created as a clone of Bug #47156 +++
When a CSV file containing class names with a hyphen is imported, the part before the hyphen is interpreted as school name and an error occurs, because the school is (hopefully) unknown. The school is however known beforehand, because the HTTP-API import requires it.
Furthermore an import to a different school than the one configured is not allowed. So this is actually a security breach!
In the configuration was missing the use of a CSV reader class. This CSV reader makes sure that the school name is always prepended to the class name.
[4.2] 8b6f145e Bug #47157: HTTP-API must always prepend school name to class names
[4.2] b8a2eee2 Bug #47157: advisory
The reader class for CSV files is now configured by /usr/share/ucs-school-import/configs/user_import_http-api.json, overwritable by /var/lib/ucs-school-import/configs/user_import_http-api.json, which are now both always read.
Additionally the config is checked at runtime, to verify that the used reader is ucsschool.importer.reader.http_api_csv_reader.HttpApiCsvReader or a cubcloass of it.
[4.2] b2c38af2 Bug #47157: create HTTP-API test class
[4.2] 70f47a70 Bug #47157: add check that school names in classes column are not used
[4.2] 1166fa39 Bug #47157: add docstring
[4.2] 1621e7e2 Bug #47157: force use of HttpApiCsvReader
[4.2] 941a38ed Bug #47157: always use default and custom user_import_http-api.json, check class of active CSV reader
[4.2] b00c0de3 Bug #47157: changelog
[4.2] d10db6e0 Bug #47157: advisory
[4.2] 59254a76 Bug #47157: fix double .json, strip whitespace from class names, remove test class
[4.2] 2d4143ae Bug #47157: changelog
[4.2] 08458f83 Bug #47157: advisory update
the config file is now properly created and imported OK
school name is added as prefix OK
import ran successfully
Manual was adapted OK
reader checked OK
UCS@school 4.2 v10 has been released.
If this error occurs again, please clone this bug.