Univention Bugzilla – Bug 25095
No error message for invalid UCR variable names
Last modified: 2017-07-12 16:49:23 CEST
Werden im UCR-Modul derzeit beim Anlegen nicht erlaubte Variablennamen angegeben, so wird der Eintrag nicht angelegt, es wird aber auch keine Fehlermeldung ausgegeben. Das könnte durch eine entsprechende RegExp client-seitig gelöst werden.
Variablen mit einem ? oder = im Namen werden ebenfalls nicht verboten.
(In reply to comment #1) > Variablen mit einem ? oder = im Namen werden ebenfalls nicht verboten. Und kommen durch! Key: "foo=bar", Value="baz" => foo: bar=baz. Mit ? ist die Situation ähnlich: Was vor dem ? steht wird auf das gesetzt, was danach kommt (falls die Variable noch nicht existiert)
Created attachment 8093 [details] Patch to check new keys This patch does not accept keys that contain characters other than a-z, A-Z, 0-9, '/', '.', '_', '-'. Also, a key must contain at least one character. However, you can still "create" a "new" variable that overwrites the value of an existing key. It should also be checked if the entered key already exists.
(In reply to Julius Hinrichs from comment #3) > Created attachment 8093 [details] > Patch to check new keys > > This patch does not accept keys that contain characters other than a-z, A-Z, > 0-9, '/', '.', '_', '-'. Also, a key must contain at least one character. > > However, you can still "create" a "new" variable that overwrites the value > of an existing key. It should also be checked if the entered key already > exists. The validation should be done in the backend as well.
Created attachment 8107 [details] Improved patch to check new keys This patch performs the same character checks both in the frontend and in the backend. Additionally, in the backend, adding a new variable fails if the given key already exists.
Created attachment 8113 [details] python backend patch (without javascript adjustments) (In reply to Julius Hinrichs from comment #5) > Created attachment 8107 [details] > Improved patch to check new keys > > This patch performs the same character checks both in the frontend and in > the backend. Additionally, in the backend, adding a new variable fails if > the given key already exists. The check now checks if the variable is registered via an info file in UCR but not if the variable is already set. This prevents setting unregistered variables like foo/bar. UCR also has a utility function to validate the key. This should be used instead of the regex. Attached is a patch which fixes both.
> adding a new variable fails if the given key already exists Do you mean ucr set foo=bar ucr set foo=baz fails? That would break a lot of things.
(In reply to Arvid Requate from comment #7) > > adding a new variable fails if the given key already exists > > Do you mean > > ucr set foo=bar > ucr set foo=baz > > fails? That would break a lot of things. UMC uses "add" for new variables and "put" for existing ones. "ucr set" in the shell should still cover both cases.
*** Bug 41629 has been marked as a duplicate of this bug. ***
The utility function to validate the key didn't work for me. See bug 41629
(In reply to Florian Best from comment #6) > Created attachment 8113 [details] > python backend patch (without javascript adjustments) > > (In reply to Julius Hinrichs from comment #5) > > Created attachment 8107 [details] > > Improved patch to check new keys > > > > This patch performs the same character checks both in the frontend and in > > the backend. Additionally, in the backend, adding a new variable fails if > > the given key already exists. > > The check now checks if the variable is registered via an info file in UCR > but not if the variable is already set. This prevents setting unregistered > variables like foo/bar. UCR also has a utility function to validate the key. > This should be used instead of the regex. Attached is a patch which fixes > both. Applied rebased patch: r 80972 univention-config-registry (12.0.1-6) * Bug #25095: Add a check for ": " in validate_key r 80974 univention-management-console-module-ucr (6.0.1-5) * Bug #25095: Applied patch - Show error message if UCR key is not valid and improve key validation YAML: r 80975
Created attachment 9012 [details] patch OK: changes for validate_key(): it's not allowed anymore to set variables containing ": " # ucr set 'foo: =bar' Please fix invalid ": " in config registry key "foo: " Not setting foo: REOPEN: Please make the following adjustments: * Change "key" to "UCR variable name" in the message: "A valid key must contain at least…" * The check for the already set UCR variable (e.g. apache2/autostart) doesn't work when adding variables. * I think the "validate" request is unnecessary and should only be done in the "add" / "put" request. * I think the validation for ": " is not required to be done in the Javascript. Instead the error message from validate_key() should be used. I attached a patch which does most of the things. TODO: The translation has to be moved to the other .po file. TODO: the check for duplicated variables needs to be fixed.
(In reply to Florian Best from comment #12) > Created attachment 9012 [details] > patch > Applied patch: r 81047 univention-management-console-module-ucr (6.0.1-6) * Bug #25095: Applied patch from Florian Best - Simplify error handling and messages r 81048 univention-config-registry (12.0.1-7) * Bug #25095: Improve wording of validate_key error messages YAML: r 81050
Very nice! OK: YAML
<http://errata.software-univention.de/ucs/4.2/94.html> <http://errata.software-univention.de/ucs/4.2/95.html>