Config nodes that can contain spaces and have sub-nodes end up not working correctly. For instance L2TP and PPTP usernames, and SNMP community string. setLevel in Config.pm ends up not working in that circumstance, which makes the sub-nodes not function. SNMP in that case ends up with an invalid snmpd.conf. L2TP and PPTP users end up with a blank password.
- Difficulty level
- Normal (likely a few hours)
|Resolved||hagbard||T253 Config nodes containing spaces which have sub-nodes don't work|
|Resolved||hagbard||T716 SNMP: allow only alphanumerical characters for community|
|Restricted Maniphest Task|
|Resolved||hagbard||T720 PPTP authentication username and password need to be restricted|
Worse, such config can be saved, but cannot be loaded afterwards because the formatter doesn't bother to quote such strings and you end up with a syntactically invalid config.
I'm afraid there may not be a general solution in 1.x.x, but we can identify tag nodes without validation rules and add some rules to them at least.
Other vendors put in restrictions for that (cisco for instance allows only alpha numerical characters), that could be done in the xml with a regex to prevent the issue you have raised. I only had a look into the snmp configuration for now, but I expect that on many other places too.
Any objections about restricting the input?