Skip to content

Commit

Permalink
Added a fix for LDEV-2887 (#949)
Browse files Browse the repository at this point in the history
  • Loading branch information
@cfmitrah
cfmitrah authored Apr 1, 2021
1 parent a1c01f8 commit 43a715f
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions core/src/main/java/lucee/runtime/tag/Admin.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,8 @@
import java.util.TimeZone;
import java.util.jar.Attributes;
import java.util.jar.Manifest;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.ServletConfig;
import javax.servlet.jsp.tagext.Tag;
Expand Down Expand Up @@ -189,6 +191,7 @@
import lucee.transformer.library.ClassDefinitionImpl;
import lucee.transformer.library.function.FunctionLib;
import lucee.transformer.library.tag.TagLib;
import lucee.runtime.exp.ExpressionException;

/**
*
Expand Down Expand Up @@ -2626,6 +2629,13 @@ private void doUpdateDatasource() throws PageException {
cn = "com.microsoft.sqlserver.jdbc.SQLServerDriver";
}

Pattern pattern = Pattern.compile("[a-zA-Z0-9_]*");
Matcher matcher = pattern.matcher(getString("admin", action, "newName"));

if (matcher.matches() == false) {
throw new ExpressionException("Trying to create a data source with a name that is invalid. Data source Names must match proper variable naming conventions");
}

ClassDefinition cd = new ClassDefinitionImpl(cn, getString("bundleName", null), getString("bundleVersion", null), config.getIdentification());

// customParameterSyntax
Expand Down

0 comments on commit 43a715f

Please sign in to comment.