Fix CheckValidNames().

- Make RegExp configurable.
- Change default for clients
  (client names have spaces).

Signed-off-by: Thomas Hochstein <thh@thh.name>
This commit is contained in:
Thomas Hochstein 2025-05-30 23:29:40 +02:00
parent 66a175c7f8
commit 09a9112679

View file

@ -642,9 +642,11 @@ sub SQLGroupList {
### OUT: SQL code to become part of a 'WHERE' clause,
### list of names for SQL bindings
my ($Names,$Type) = @_;
my $InvalidCharRegExp;
# substitute '*' wildcard with SQL wildcard character '%'
$Names =~ s/\*/%/g;
return (undef,undef) if !CheckValidNames($Names);
$InvalidCharRegExp = ',;' if $Type eq 'client';
return (undef,undef) if !CheckValidNames($Names,$InvalidCharRegExp);
# just one name/newsgroup?
return (SQLGroupWildcard($Names,$Type),$Names) if $Names !~ /:/;
my ($SQL,@WildcardNames,@NoWildcardNames);
@ -807,10 +809,11 @@ sub SQLBuildClause {
sub CheckValidNames {
################################################################################
### syntax check of a list
### IN : $Names: list of names, e.g. newsgroups (group.one.*:group.two:group.three.*)
### IN : $Names : list of names, e.g. newsgroups (group.one.*:group.two:group.three.*)
### InvalidCharRegExp: regular expression for invalid characters
### OUT: boolean
my ($Names) = @_;
my $InvalidCharRegExp = ',; ';
my ($Names,$InvalidCharRegExp) = @_;
$InvalidCharRegExp = ',; ' if (!$InvalidCharRegExp);
return ($Names =~ /[$InvalidCharRegExp]/) ? 0 : 1;
};