\%rv;
}
+sub valid_inbox_name ($) {
+ my ($name) = @_;
+
+ # Similar rules found in git.git/remote.c::valid_remote_nick
+ # and git.git/refs.c::check_refname_component
+ # We don't reject /\.lock\z/, however, since we don't lock refs
+ if ($name eq '' || $name =~ /\@\{/ ||
+ $name =~ /\.\./ || $name =~ m![/:\?\[\]\^~\s\f[:cntrl:]\*]! ||
+ $name =~ /\A\./ || $name =~ /\.\z/) {
+ return 0;
+ }
+
+ # Note: we allow URL-unfriendly characters; users may configure
+ # non-HTTP-accessible inboxes
+ 1;
+}
+
sub _fill {
my ($self, $pfx) = @_;
my $rv = {};
my $name = $pfx;
$name =~ s/\Apublicinbox\.//;
- # same rules as git.git/remote.c::valid_remote_nick
- if ($name eq '' || $name =~ m!/! || $name eq '.' || $name eq '..') {
+ if (!valid_inbox_name($name)) {
warn "invalid inbox name: '$name'\n";
return;
}
use PublicInbox::MID qw(mid_escape);
require PublicInbox::Git;
use PublicInbox::GitHTTPBackend;
-our $INBOX_RE = qr!\A/([\w\.\-]+)!;
+
+# TODO: consider a routing tree now that we have more endpoints:
+our $INBOX_RE = qr!\A/([\w\-][\w\.\-]*)!;
our $MID_RE = qr!([^/]+)!;
our $END_RE = qr!(T/|t/|t\.mbox(?:\.gz)?|t\.atom|raw|)!;
our $ATTACH_RE = qr!(\d[\.\d]*)-([[:alnum:]][\w\.-]+[[:alnum:]])!i;
}, 'known addresses populated');
}
+my @invalid = (
+ # git rejects this because it locks refnames, but we don't have
+ # this problem with inbox names:
+ # 'inbox.lock',
+
+ # git rejects these:
+ '', '..', '.', 'stash@{9}', 'inbox.', '^caret', '~tilde',
+ '*asterisk', 's p a c e s', ' leading-space', 'trailing-space ',
+ 'question?', 'colon:', '[square-brace]', "\fformfeed",
+ "\0zero", "\bbackspace",
+
+);
+
+require Data::Dumper;
+for my $s (@invalid) {
+ my $d = Data::Dumper->new([$s])->Terse(1)->Indent(0)->Dump;
+ ok(!PublicInbox::Config::valid_inbox_name($s), "$d name rejected");
+}
+
+# obviously-valid examples
+my @valid = qw(a a@example a@example.com);
+
+# Rejecting more was considered, but then it dawned on me that
+# people may intentionally use inbox names which are not URL-friendly
+# to prevent the PSGI interface from displaying them...
+# URL-unfriendly
+# '<', '>', '%', '#', '?', '&', '(', ')',
+
+# maybe these aren't so bad, they're common in Message-IDs, even:
+# '!', '$', '=', '+'
+push @valid, qw[bang! ca$h less< more> 1% (parens) &more eql= +plus], '#hash';
+for my $s (@valid) {
+ my $d = Data::Dumper->new([$s])->Terse(1)->Indent(0)->Dump;
+ ok(PublicInbox::Config::valid_inbox_name($s), "$d name accepted");
+}
+
done_testing();