Module: check_mk Branch: master Commit: 0265d8ec41707e9abd3eb266865129662875995f URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=0265d8ec41707e… Author: Sven Panne &lt;sp(a)mathias-kettner.de&gt; Date: Wed Jul 4 09:30:49 2018 +0200 Fixed and enabled anomalous-backslash-in-string warnings. Change-Id: I1a08a576fb37c43ff290003c2c702344b6d2a09c --- tests/pylint/pylintrc | 1 - web/htdocs/htmllib.py | 8 ++++++-- web/htdocs/views.py | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/pylint/pylintrc b/tests/pylint/pylintrc index 41f0516..f011c03 100644 --- a/tests/pylint/pylintrc +++ b/tests/pylint/pylintrc @@ -14,7 +14,6 @@ persistent=yes disable= abstract-method, anomalous-unicode-escape-in-string, - anomalous-backslash-in-string, arguments-differ, attribute-defined-outside-init, bad-classmethod-argument, diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py index b1e595c..f6d7430 100644 --- a/web/htdocs/htmllib.py +++ b/web/htdocs/htmllib.py @@ -1183,8 +1183,12 @@ class RequestHandler(object): self.listvars = {} # for variables with more than one occurrance self.uploads = {} - # TODO: Fix this regex. +-\ selects all from + to \, not +, - and \! - varname_regex = re.compile('^[\w\d_.%+-\\\*]+$') + # TODO: Previously the regex below matched any alphanumeric character plus any character + # from set(r'%*+,-./:;<=>?@[\_'), but this was very probably unintended. Now we only allow + # alphanumeric characters plus any character from set('%*+-._'), which is probably still a + # bit too broad. We should really figure out what we need and make sure that we only use + # that restricted set. + varname_regex = re.compile(r'^[\w.%*+-]+$') for field in fields.list: varname = field.name diff --git a/web/htdocs/views.py b/web/htdocs/views.py index 58eb554..bc4dfe8 100644 --- a/web/htdocs/views.py +++ b/web/htdocs/views.py @@ -3227,7 +3227,7 @@ def format_plugin_output(output, row = None): if shall_escape: # (?:&lt;A HREF=&quot;), (?: target=&quot;_blank&quot;&gt;)? and endswith(" </A>") is a special # handling for the HTML code produced by check_http when "clickable URL" option is active. - output = re.sub("(?:&lt;A HREF=&quot;)?(http[s]?://[^\"'>\t\s\n,]+)(?: target=&quot;_blank&quot;&gt;)?", + output = re.sub("(?:&lt;A HREF=&quot;)?(http[s]?://[^\"'>\\s,]+)(?: target=&quot;_blank&quot;&gt;)?", lambda p: '<a href="%s"><img class=pluginurl align=absmiddle title="%s" src="images/pluginurl.png"></a>' % (p.group(1).replace('&quot;', ''), p.group(1).replace('&quot;', '')), output)