Changeset 1725 for pykota

Show
Ignore:
Timestamp:
09/15/04 20:47:58 (20 years ago)
Author:
jalet
Message:

Re-Extends the list of invalid characters in names to prevent
people from adding user "*" for example, or to prevent
print administrators to hijack the system by putting dangerous
datas into the database which would cause commands later run by root
to compromise the system.

Files:
1 modified

Legend:

Unmodified
Added
Removed
  • pykota/trunk/pykota/tool.py

    r1695 r1725  
    2222# 
    2323# $Log$ 
     24# Revision 1.121  2004/09/15 18:47:58  jalet 
     25# Re-Extends the list of invalid characters in names to prevent 
     26# people from adding user "*" for example, or to prevent 
     27# print administrators to hijack the system by putting dangerous 
     28# datas into the database which would cause commands later run by root 
     29# to compromise the system. 
     30# 
    2431# Revision 1.120  2004/09/02 13:26:29  jalet 
    2532# Small fix for old versions of LPRng 
     
    616623    def isValidName(self, name) : 
    617624        """Checks if a user or printer name is valid.""" 
    618         invalidchars = "/@" 
     625        invalidchars = "/@?*,;&|" 
    619626        for c in list(invalidchars) : 
    620627            if c in name :