[checkmk-commits] Check_MK Git: check_mk: FIX Allowing star chars in variable names to fix role/permission editing

Module: check_mk Branch: master Commit: cde628307e8e45613c5fea79f2e81f293deeacd4 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=cde628307e8e45… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Nov 11 16:14:01 2013 +0100 FIX Allowing star chars in variable names to fix role/permission editing A security related change broke editing NagVis related permissions within WATO. This has been fixed now. --- .werks/205 | 9 +++++++++ ChangeLog | 1 + web/htdocs/html_mod_python.py | 2 +- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.werks/205 b/.werks/205 new file mode 100644 index 0000000..76b1614 --- /dev/null +++ b/.werks/205 @@ -0,0 +1,9 @@ +Title: Allowing star chars in variable names to fix role/permission editing +Level: 1 +Component: wato +Version: 1.2.3i7 +Date: 1384182766 +Class: fix + +A security related change broke editing NagVis related permissions within +WATO. This has been fixed now. diff --git a/ChangeLog b/ChangeLog index 6df9d74..b7cdd8e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,7 @@ * 0053 New rule for configuring the display_name of a service... * 0048 FIX: Fixed locking issue on host diagnose page * 0033 FIX: WATO forms: incorrect handling of checkbox state + * 0205 FIX: Allowing star chars in variable names to fix role/permission editing... Notifications: * 0032 FIX: mail notification plugin: replace windows forbidden characters in mail images diff --git a/web/htdocs/html_mod_python.py b/web/htdocs/html_mod_python.py index c8082ec..81d42b1 100644 --- a/web/htdocs/html_mod_python.py +++ b/web/htdocs/html_mod_python.py @@ -3,7 +3,7 @@ import htmllib import os, time, config, weblib, re import defaults -varname_regex = re.compile('^[\w\d_.%+-]+$') +varname_regex = re.compile('^[\w\d_.%+-*]+$') class html_mod_python(htmllib.html):