commit 44f26ef64f0036474f4eed6974886ee4f41e28f0
parent ad6febb90444e97e3f3b58dce7274eaf593dc73f
Author: Christian Grothoff <christian@grothoff.org>
Date: Tue, 20 Jul 2021 16:41:44 +0200
implement regex to restrict id
Diffstat:
2 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_auditors.c b/src/backend/taler-merchant-httpd_auditors.c
@@ -230,14 +230,15 @@ TMH_AUDITORS_init (const struct GNUNET_CONFIGURATION_Handle *cfg)
j_auditors = json_array ();
for (unsigned int cnt = 0; cnt < nauditors; cnt++)
GNUNET_assert (0 ==
- json_array_append_new (j_auditors,
- json_pack ("{s:s, s:o, s:s}",
- "name", auditors[cnt].name,
- "auditor_pub",
- GNUNET_JSON_from_data_auto (
- &auditors[cnt].public_key),
- "url",
- auditors[cnt].url)));
+ json_array_append_new (
+ j_auditors,
+ json_pack ("{s:s, s:o, s:s}",
+ "name", auditors[cnt].name,
+ "auditor_pub",
+ GNUNET_JSON_from_data_auto (
+ &auditors[cnt].public_key),
+ "url",
+ auditors[cnt].url)));
return nauditors;
}
diff --git a/src/backend/taler-merchant-httpd_private-post-instances.c b/src/backend/taler-merchant-httpd_private-post-instances.c
@@ -25,7 +25,7 @@
#include "platform.h"
#include "taler-merchant-httpd_private-post-instances.h"
#include <taler/taler_json_lib.h>
-
+#include <regex.h>
/**
* How often do we retry the simple INSERT database transaction?
@@ -287,12 +287,22 @@ TMH_private_post_instances (const struct TMH_RequestHandler *rh,
/* check 'id' well-formed */
{
+ static bool once;
+ static regex_t reg;
bool id_wellformed = true;
- if (NULL != strchr (is.id, '/'))
+ if (! once)
+ {
+ GNUNET_assert (0 ==
+ regcomp (®,
+ "^[A-Za-z0-9][A-Za-z0-9_.@-]+$",
+ REG_EXTENDED));
+ }
+
+ if (0 != regexec (®,
+ is.id,
+ 0, NULL, 0))
id_wellformed = false;
- // FIXME: implement regex [A-Za-z0-9_.@-]
- // FIXME: document charset in docs, add restriction to SPA
if (! id_wellformed)
return TALER_MHD_reply_with_error (connection,
MHD_HTTP_BAD_REQUEST,
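Review bot: `once` is never set inside the `if (! once)` block, so `regcomp` runs on every request and overwrites the static `reg` without a `regfree`, leaking the previously compiled pattern each time this handler is called; make `once = true;` the first statement of that block. Because both statics are unsynchronised, the lazy init is also racy if the daemon can run this handler on more than one thread (not visible from the hunk), so compiling the pattern once at startup would be the more robust fix. The trailing `+` in `"^[A-Za-z0-9][A-Za-z0-9_.@-]+$"` makes two characters the minimum length, so a single-character id is rejected; use `*` if that is not intended. No submatches are requested in `regexec`, so `REG_EXTENDED | REG_NOSUB` fits the call. The body of TMH_private_post_instances starts and ends outside the hunk.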