[MRM-819]
authorMaria Odea B. Ching <oching@apache.org>
Tue, 27 May 2008 11:38:22 +0000 (11:38 +0000)
committerMaria Odea B. Ching <oching@apache.org>
Tue, 27 May 2008 11:38:22 +0000 (11:38 +0000)
added validation to allow only alphanumeric, '.', '-' and '_' characters for repo group id

git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@660472 13f79535-47bb-0310-9956-ffa450edef68

archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/RepositoryGroupsAction.java

index adfdaf18de7dc7261aabe4d0c920b6399c37102a..d1109d12a96d7e6ef8631ac8afee1f2de65963e6 100644 (file)
@@ -21,6 +21,9 @@ package org.apache.maven.archiva.web.action.admin.repositories;
 
 import java.util.List;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import javax.servlet.http.HttpServletRequest;
 
 import com.opensymphony.webwork.interceptor.ServletRequestAware;
@@ -60,6 +63,8 @@ public class RepositoryGroupsAction
      */
     private String baseUrl;
     
+    private static final Pattern REPO_GROUP_ID_PATTERN = Pattern.compile( "[A-Za-z0-9\\._\\-]+" ); 
+    
     public void setServletRequest( HttpServletRequest request )
     {
         this.baseUrl = ContextUtils.getBaseURL( request, "repository" );
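Review bot: REPO_GROUP_ID_PATTERN accepts identifiers made up only of dots, such as `.` or `..`, because `.` is allowed in every position. If the group id later becomes a URL or path segment (the class builds a `repository` base URL, so this seems plausible, but the use is not visible in this hunk), those values should be rejected explicitly, for example with `"[A-Za-z0-9_\\-][A-Za-z0-9._\\-]*"` if a leading dot is never needed. The constant would also benefit from a comment such as `// whole-string match: used with Matcher.matches(), do not switch to find()`, since the allow-list only holds when the entire input is matched.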
@@ -81,6 +86,25 @@ public class RepositoryGroupsAction
 
         String repoGroupId = repositoryGroup.getId();
         
+        if( repoGroupId == null || "".equals( repoGroupId.trim() ) )
+        {
+            addActionError( "Identifier field is required." );
+            return ERROR;
+        }
+        
+        if( repoGroupId.length() > 100 )
+        {
+            addActionError( "Identifier [" + repoGroupId + "] is over the maximum limit of 100 characters" );
+            return ERROR;
+        }
+                
+        Matcher matcher = REPO_GROUP_ID_PATTERN.matcher( repoGroupId );        
+        if( !matcher.matches() )
+        {
+            addActionError( "Invalid character(s) found in identifier. Only the following characters are allowed: alphanumeric, '.', '-' and '_'" );
+            return ERROR;
+        }
+        
         if ( StringUtils.isBlank( repoGroupId ) )
         {
                addActionError( "You must enter a repository group id." );
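Review bot: The length check runs before the character check, so an identifier longer than 100 characters is concatenated into the action error (`"Identifier [" + repoGroupId + "] is over the maximum limit..."`) before it has been matched against REPO_GROUP_ID_PATTERN. Whether that message is HTML-escaped when rendered depends on the view, which is not shown here. Running the pattern match first, or dropping the value from the message (`addActionError( "Identifier is over the maximum limit of 100 characters" );`), keeps unvalidated input out of the response. The new null/blank check also makes the existing `StringUtils.isBlank( repoGroupId )` branch directly below unreachable, so one of the two should be removed. The enclosing method starts before this hunk and continues past it.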
@@ -105,12 +129,6 @@ public class RepositoryGroupsAction
                     + "], that id already exists as a remote repository." );
             return ERROR;
         }
-        
-        if( repoGroupId.length() > 100 )
-        {
-            addActionError( "Identifier [" + repoGroupId + "] is over the maximum limit of 100 characters" );
-            return ERROR;
-        }
             
         configuration.addRepositoryGroup( repositoryGroup );
         return saveConfiguration( configuration );