Module: check_mk
Branch: master
Commit: cde628307e8e45613c5fea79f2e81f293deeacd4
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=cde628307e8e45…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Nov 11 16:14:01 2013 +0100
FIX Allowing star chars in variable names to fix role/permission editing
A security related change broke editing NagVis related permissions within
WATO. This has been fixed now.
---
.werks/205 | 9 +++++++++
ChangeLog | 1 +
web/htdocs/html_mod_python.py | 2 +-
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/.werks/205 b/.werks/205
new file mode 100644
index 0000000..76b1614
--- /dev/null
+++ b/.werks/205
@@ -0,0 +1,9 @@
+Title: Allowing star chars in variable names to fix role/permission editing
+Level: 1
+Component: wato
+Version: 1.2.3i7
+Date: 1384182766
+Class: fix
+
+A security related change broke editing NagVis related permissions within
+WATO. This has been fixed now.
diff --git a/ChangeLog b/ChangeLog
index 6df9d74..b7cdd8e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,7 @@
* 0053 New rule for configuring the display_name of a service...
* 0048 FIX: Fixed locking issue on host diagnose page
* 0033 FIX: WATO forms: incorrect handling of checkbox state
+ * 0205 FIX: Allowing star chars in variable names to fix role/permission editing...
Notifications:
* 0032 FIX: mail notification plugin: replace windows forbidden characters in mail
images
diff --git a/web/htdocs/html_mod_python.py b/web/htdocs/html_mod_python.py
index c8082ec..81d42b1 100644
--- a/web/htdocs/html_mod_python.py
+++ b/web/htdocs/html_mod_python.py
@@ -3,7 +3,7 @@ import htmllib
import os, time, config, weblib, re
import defaults
-varname_regex = re.compile('^[\w\d_.%+-]+$')
+varname_regex = re.compile('^[\w\d_.%+-*]+$')
class html_mod_python(htmllib.html):