Diffstat (limited to 'lib')
-rw-r--r-- | lib/authenticator-plaintext.lua | 2 | ||||
-rw-r--r-- | lib/roles.lua | 9 |
2 files changed, 8 insertions, 3 deletions
diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua index 6c4cbbd..613eaab 100644 --- a/lib/authenticator-plaintext.lua +++ b/lib/authenticator-plaintext.lua @@ -88,6 +88,8 @@ local validate_settings = function (self, userid, username, password, password_c -- Set errormessages when entering invalid values if (#userid == 0) then errormessage.userid = "You need to enter a valid userid!" end + if string.find(userid, "[^%w_]") then errormessage.userid = "Userid can only contain letters, numbers, and '_'" end + if string.find(username, "%p") then errormessage.username = "Real name cannot contain punctuation" end if password then if (#password == 0) then errormessage.password = "Password cannot be blank!" diff --git a/lib/roles.lua b/lib/roles.lua index 53409c0..201e2a9 100644 --- a/lib/roles.lua +++ b/lib/roles.lua @@ -88,7 +88,7 @@ list_roles = function() -- Open the roles file and parse for defined roles f = fs.read_file_as_array(roles_file) for x,line in pairs(f) do - temprole = string.match(line,"^[%a]+") + temprole = string.match(line,"^[%w_]+") if not reverseroles[temprole] then defined_roles[#defined_roles + 1] = temprole end @@ -123,7 +123,7 @@ get_roles_perm = function(startdir,roles) for x,file in ipairs(rolesfiles) do f = fs.read_file_as_array(file) for y,line in pairs(f) do - if reverseroles[string.match(line,"^[%a]+")] then + if reverseroles[string.match(line,"^[%w_]+")] then temp = format.string_to_table(string.match(line,"[,%a:]+$"),",") for z,perm in pairs(temp) do local control,action = string.match(perm,"(%a+):(%a+)") @@ -156,7 +156,7 @@ get_role_perm = function(startdir,role) for x,file in ipairs(rolesfiles) do f = fs.read_file_as_array(file) for y,line in pairs(f) do - if role == string.match(line,"^[%a]+") then + if role == string.match(line,"^[%w_]+") then temp = format.string_to_table(string.match(line,"[,%a:]+$"),",") for z,perm in pairs(temp) do local control,action = string.match(perm,"(%a+):(%a+)") 
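Review bot: In validate_settings (lib/authenticator-plaintext.lua), the new username check uses `%p`, which matches punctuation only, so a real name containing a newline or another control character still passes, while the userid check on the line before it rejects them. If the plaintext backend stores one record per line (the storage code is not visible in this hunk), control characters are the input most worth refusing; consider `if string.find(username, "[%p%c]") then errormessage.username = "Real name cannot contain punctuation" end`. `string.find` also raises on a nil argument, so a guard like the existing `if password then` may be needed if callers can omit `username`. The function body starts and continues outside the hunk.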
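Review bot: In list_roles (lib/roles.lua), `string.match(line,"^[%w_]+")` is still a prefix match that is not anchored to whatever separator follows the role name, and the get_roles_perm and get_role_perm hunks use the same pattern. A line already in a roles file whose name contains a character outside `[%w_]` (a hyphen, for example) is read as its shorter prefix, so in get_role_perm its permissions could be attributed to a different role. set_role_perm now refuses such names on new writes, but entries written earlier or edited by hand are not covered. Matching the name together with the separator and comparing the whole name would close that; the separator is not visible in these hunks, so this needs checking against the file format.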
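Review bot: In get_roles_perm, the role pattern is widened but the permission patterns on the context lines right after it, `"[,%a:]+$"` and `"(%a+):(%a+)"`, still accept letters only; the get_role_perm hunk carries the same two lines. If a controller or action name can contain a digit or underscore (not determinable from these hunks), the `$`-anchored match keeps only the tail after that character, and the permission is then dropped or misread without any error. Either widen both patterns to `[%w_]` or record the restriction with a comment such as `-- controller and action names are letters only`.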
@@ -214,6 +214,9 @@ set_role_perm = function(role, permissions, permissions_array) return false, "Cannot modify default roles" end end + if string.find(role, '[^%w_]') then + return false, "Role can only contain letters, numbers, and '_'" + end if permissions and not permissions_array then permissions_array = {} for cont,actions in pairs(permissions) do |
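Review bot: In set_role_perm, `string.find(role, '[^%w_]')` lets an empty string through, because there is no character to reject, while the readers in this file need at least one character (`^[%w_]+`) to recognise a role line. Unless a check outside this hunk already rejects it, a positive match is tighter: `if not string.match(role, "^[%w_]+$") then`. `%w` also follows the process locale, so `[A-Za-z0-9_]` is the safer class if role names must stay ASCII. The function starts and continues outside the hunk.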