about summary refs log tree commit homepage
path: root/t
diff options
context:
space:
mode:
authorEric Wong <e@80x24.org>2019-01-09 11:43:26 +0000
committerEric Wong <e@80x24.org>2019-01-15 21:23:45 +0000
commit1f4ce0de1cd70b905dc2cd40628785b01060738c (patch)
tree964fbdf38b8cb4a88fedc10d7432051cd0540509 /t
parentadf443322d8747bbc5b0b1d6e7bf819f70244456 (diff)
downloadpublic-inbox-1f4ce0de1cd70b905dc2cd40628785b01060738c.tar.gz
Actually, it turns out git.git/remote.c::valid_remote_nick
rules alone are insufficient.  More checking is performed as
part of the refname in the git.git/refs.c::check_refname_component

I also considered rejecting URL-unfriendly inbox names entirely,
but realized some users may intentionally configure names not
handled by our WWW endpoint for archives they don't want
accessible over HTTP.
Diffstat (limited to 't')
-rw-r--r--t/config.t36
1 files changed, 36 insertions, 0 deletions
diff --git a/t/config.t b/t/config.t
index 6a6b98c8..5f0a95ba 100644
--- a/t/config.t
+++ b/t/config.t
@@ -114,4 +114,40 @@ my $tmpdir = tempdir('pi-config-XXXXXX', TMPDIR => 1, CLEANUP => 1);
                 }, 'known addresses populated');
 }
 
+my @invalid = (
+        # git rejects this because it locks refnames, but we don't have
+        # this problem with inbox names:
+        # 'inbox.lock',
+
+        # git rejects these:
+        '', '..', '.', 'stash@{9}', 'inbox.', '^caret', '~tilde',
+        '*asterisk', 's p a c e s', ' leading-space', 'trailing-space ',
+        'question?', 'colon:', '[square-brace]', "\fformfeed",
+        "\0zero", "\bbackspace",
+
+);
+
+require Data::Dumper;
+for my $s (@invalid) {
+        my $d = Data::Dumper->new([$s])->Terse(1)->Indent(0)->Dump;
+        ok(!PublicInbox::Config::valid_inbox_name($s), "$d name rejected");
+}
+
+# obviously-valid examples
+my @valid = qw(a a@example a@example.com);
+
+# Rejecting more was considered, but then it dawned on me that
+# people may intentionally use inbox names which are not URL-friendly
+# to prevent the PSGI interface from displaying them...
+# URL-unfriendly
+# '<', '>', '%', '#', '?', '&', '(', ')',
+
+# maybe these aren't so bad, they're common in Message-IDs, even:
+# '!', '$', '=', '+'
+push @valid, qw[bang! ca$h less< more> 1% (parens) &more eql= +plus], '#hash';
+for my $s (@valid) {
+        my $d = Data::Dumper->new([$s])->Terse(1)->Indent(0)->Dump;
+        ok(PublicInbox::Config::valid_inbox_name($s), "$d name accepted");
+}
+
 done_testing();