From 67de1cbc3b5f9097ad8458c18865b423e431a68e Mon Sep 17 00:00:00 2001
From: "Maria Odea B. Ching" <oching@apache.org>
Date: Tue, 27 May 2008 11:38:22 +0000
Subject: [PATCH] [MRM-819] added validation to allow only alphanumeric, '.',
 '-' and '_' characters for repo group id

git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@660472 13f79535-47bb-0310-9956-ffa450edef68
---
 .../repositories/RepositoryGroupsAction.java  | 30 +++++++++++++++----
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/RepositoryGroupsAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/RepositoryGroupsAction.java
index adfdaf18d..d1109d12a 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/RepositoryGroupsAction.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/RepositoryGroupsAction.java
@@ -21,6 +21,9 @@ package org.apache.maven.archiva.web.action.admin.repositories;
 
 import java.util.List;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import javax.servlet.http.HttpServletRequest;
 
 import com.opensymphony.webwork.interceptor.ServletRequestAware;
@@ -60,6 +63,8 @@ public class RepositoryGroupsAction
      */
     private String baseUrl;
     
+    private static final Pattern REPO_GROUP_ID_PATTERN = Pattern.compile( "[A-Za-z0-9\\._\\-]+" ); 
+    
     public void setServletRequest( HttpServletRequest request )
     {
         this.baseUrl = ContextUtils.getBaseURL( request, "repository" );
@@ -81,6 +86,25 @@ public class RepositoryGroupsAction
 
         String repoGroupId = repositoryGroup.getId();
         
+        if( repoGroupId == null || "".equals( repoGroupId.trim() ) )
+        {
+            addActionError( "Identifier field is required." );
+            return ERROR;
+        }
+        
+        if( repoGroupId.length() > 100 )
+        {
+            addActionError( "Identifier [" + repoGroupId + "] is over the maximum limit of 100 characters" );
+            return ERROR;
+        }
+                
+        Matcher matcher = REPO_GROUP_ID_PATTERN.matcher( repoGroupId );        
+        if( !matcher.matches() )
+        {
+            addActionError( "Invalid character(s) found in identifier. Only the following characters are allowed: alphanumeric, '.', '-' and '_'" );
+            return ERROR;
+        }
+        
         if ( StringUtils.isBlank( repoGroupId ) )
         {
         	addActionError( "You must enter a repository group id." );
@@ -105,12 +129,6 @@ public class RepositoryGroupsAction
                     + "], that id already exists as a remote repository." );
             return ERROR;
         }
-        
-        if( repoGroupId.length() > 100 )
-        {
-            addActionError( "Identifier [" + repoGroupId + "] is over the maximum limit of 100 characters" );
-            return ERROR;
-        }
             
         configuration.addRepositoryGroup( repositoryGroup );
         return saveConfiguration( configuration );
-- 
2.39.5