Experiment: Remove character whitelist for tag names.
I have always felt bad about forbidding unicode in tag names, but I want to make sure I have a grip on sanitization / preventing abuse before allowing it. I think stripping control characters is enough and any abuse can be handled manually. Of course that's all fiction because there are no users except myself.
This commit is contained in:
parent
26b9371f26
commit
39b7f3cd98
3 changed files with 10 additions and 8 deletions
|
@ -291,7 +291,7 @@ DEFAULT_CONFIGURATION = {
|
|||
'tag': {
|
||||
'min_length': 1,
|
||||
'max_length': 32,
|
||||
'valid_chars': string.ascii_lowercase + string.digits + '_()',
|
||||
# 'valid_chars': string.ascii_lowercase + string.digits + '_()',
|
||||
},
|
||||
|
||||
'user': {
|
||||
|
|
|
@ -1206,17 +1206,19 @@ class Tag(ObjectBase, GroupableMixin):
|
|||
return description
|
||||
|
||||
@staticmethod
|
||||
def normalize_name(name, valid_chars=None, min_length=None, max_length=None):
|
||||
def normalize_name(name, min_length=None, max_length=None):
|
||||
original_name = name
|
||||
if valid_chars is None:
|
||||
valid_chars = constants.DEFAULT_CONFIGURATION['tag']['valid_chars']
|
||||
# if valid_chars is None:
|
||||
# valid_chars = constants.DEFAULT_CONFIGURATION['tag']['valid_chars']
|
||||
|
||||
name = name.lower().strip()
|
||||
name = name.strip('.+')
|
||||
name = name.lower()
|
||||
name = helpers.remove_control_characters(name)
|
||||
name = name.strip(' .+')
|
||||
name = name.split('+')[0].split('.')[-1]
|
||||
name = name.replace('-', '_')
|
||||
name = name.replace(' ', '_')
|
||||
name = ''.join(c for c in name if c in valid_chars)
|
||||
name = name.replace('=', '')
|
||||
# name = ''.join(c for c in name if c in valid_chars)
|
||||
|
||||
if min_length is not None and len(name) < min_length:
|
||||
raise exceptions.TagTooShort(original_name)
|
||||
|
|
|
@ -1192,7 +1192,7 @@ class PDBTagMixin:
|
|||
def normalize_tagname(self, tagname):
|
||||
tagname = objects.Tag.normalize_name(
|
||||
tagname,
|
||||
valid_chars=self.config['tag']['valid_chars'],
|
||||
# valid_chars=self.config['tag']['valid_chars'],
|
||||
min_length=self.config['tag']['min_length'],
|
||||
max_length=self.config['tag']['max_length'],
|
||||
)
|
||||
|
|
Loading…
Reference in a new issue