Experiment: Remove character whitelist for tag names.

I have always felt bad about forbidding unicode in tag names,
but I want to make sure I have a grip on sanitization / preventing
abuse before allowing it. I think stripping control characters is
enough and any abuse can be handled manually.
Of course that's all fiction because there are no users except myself.
voussoir 2020-09-17 18:52:00 -07:00
parent 26b9371f26
commit 39b7f3cd98
3 changed files with 10 additions and 8 deletions


@ -291,7 +291,7 @@ DEFAULT_CONFIGURATION = {
'tag': {
'min_length': 1,
'max_length': 32,
'valid_chars': string.ascii_lowercase + string.digits + '_()',
# 'valid_chars': string.ascii_lowercase + string.digits + '_()',
},
'user': {
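Review bot: Commenting out `'valid_chars'` removes the key from `DEFAULT_CONFIGURATION['tag']`, so any reader of `config['tag']['valid_chars']` outside the lines touched by this commit would now raise `KeyError`; a search for remaining uses is worthwhile. If the experiment is kept, delete the commented-out lines here and in `normalize_name` and `normalize_tagname` rather than leaving them, and record the decision in one comment such as `# No character whitelist: tag names are only stripped of control characters.` The dictionary continues outside this hunk.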


@ -1206,17 +1206,19 @@ class Tag(ObjectBase, GroupableMixin):
return description
@staticmethod
def normalize_name(name, valid_chars=None, min_length=None, max_length=None):
def normalize_name(name, min_length=None, max_length=None):
original_name = name
if valid_chars is None:
valid_chars = constants.DEFAULT_CONFIGURATION['tag']['valid_chars']
# if valid_chars is None:
# valid_chars = constants.DEFAULT_CONFIGURATION['tag']['valid_chars']
name = name.lower().strip()
name = name.strip('.+')
name = name.lower()
name = helpers.remove_control_characters(name)
name = name.strip(' .+')
name = name.split('+')[0].split('.')[-1]
name = name.replace('-', '_')
name = name.replace(' ', '_')
name = ''.join(c for c in name if c in valid_chars)
name = name.replace('=', '')
# name = ''.join(c for c in name if c in valid_chars)
if min_length is not None and len(name) < min_length:
raise exceptions.TagTooShort(original_name)
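Review bot: With the `valid_chars` filter commented out, `normalize_name` no longer guarantees a fixed output alphabet, and the new code applies no Unicode normalization, so canonically or compatibility-equivalent spellings of one name would be stored as distinct, visually identical tags. Adding `name = unicodedata.normalize('NFKC', name)` before `name = name.lower()` would close that gap (it needs `import unicodedata` at file level), and `casefold()` is the better choice than `lower()` for caseless matching of non-ASCII text. What `helpers.remove_control_characters` strips is not visible here, so confirm that it also covers format characters (category Cf, such as zero-width and bidirectional marks) and decide how non-ASCII whitespace is treated, since only the ASCII space is replaced with `_`. Anything downstream that relied on the old ASCII-only guarantee, such as templates, URLs, or the search syntax that presumably motivates `replace('=', '')`, now has to escape or quote tag names itself. The function body continues past the end of this hunk.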


@ -1192,7 +1192,7 @@ class PDBTagMixin:
def normalize_tagname(self, tagname):
tagname = objects.Tag.normalize_name(
tagname,
valid_chars=self.config['tag']['valid_chars'],
# valid_chars=self.config['tag']['valid_chars'],
min_length=self.config['tag']['min_length'],
max_length=self.config['tag']['max_length'],
)