Index: openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl,v diff -u -r1.61.2.37 -r1.61.2.38 --- openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl 7 Feb 2023 16:57:31 -0000 1.61.2.37 +++ openacs-4/packages/acs-tcl/tcl/tcl-documentation-procs.tcl 16 Mar 2023 14:17:50 -0000 1.61.2.38 @@ -2380,6 +2380,29 @@ return 0 } +ad_page_contract_filter safetclchars { name value } { + + Checks whether the value contains just characters, which can be + used safely in a Tcl eval or subst command. This means, that the characters + '$', '[', ']' and '\' disallowed,. + + @author Gustaf Neumann + @creation-date 15 Mar 2023 +} { + + if {[info commands ns_valid_utf8] ne "" + && ![ns_valid_utf8 $value]} { + ad_complain [_ acs-tcl.lt_name_contains_invalid] + return 0 + } + + if {[regexp {^[^\[\]\\\$]+$} $value]} { + return 1 + } + ad_complain [_ acs-tcl.lt_name_contains_invalid] + return 0 +} + ad_page_contract_filter printable { name value } { Checks whether the value contains only characters with a printable Index: openacs-4/packages/acs-tcl/tcl/test/acs-tcl-test-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/test/acs-tcl-test-procs.tcl,v diff -u -r1.71.2.50 -r1.71.2.51 --- openacs-4/packages/acs-tcl/tcl/test/acs-tcl-test-procs.tcl 7 Feb 2023 17:00:40 -0000 1.71.2.50 +++ openacs-4/packages/acs-tcl/tcl/test/acs-tcl-test-procs.tcl 16 Mar 2023 14:17:50 -0000 1.71.2.51 @@ -455,34 +455,34 @@ -cats {api smoke} \ -procs { ad_page_contract_filter_invoke + ad_page_contract_filter_proc_allhtml ad_page_contract_filter_proc_boolean + ad_page_contract_filter_proc_clock + ad_page_contract_filter_proc_date ad_page_contract_filter_proc_email ad_page_contract_filter_proc_float ad_page_contract_filter_proc_html - ad_page_contract_filter_proc_allhtml - ad_page_contract_filter_proc_nohtml ad_page_contract_filter_proc_integer ad_page_contract_filter_proc_localurl ad_page_contract_filter_proc_naturalnum ad_page_contract_filter_proc_negative_float + ad_page_contract_filter_proc_nohtml ad_page_contract_filter_proc_object_id ad_page_contract_filter_proc_object_type - ad_page_contract_filter_proc_printable - ad_page_contract_filter_proc_sql_identifier - ad_page_contract_filter_proc_token - ad_page_contract_filter_proc_word - ad_page_contract_filter_proc_clock - ad_page_contract_filter_proc_date - ad_page_contract_filter_proc_time ad_page_contract_filter_proc_oneof ad_page_contract_filter_proc_path ad_page_contract_filter_proc_phone + ad_page_contract_filter_proc_printable ad_page_contract_filter_proc_range + ad_page_contract_filter_proc_safetclchars + ad_page_contract_filter_proc_sql_identifier ad_page_contract_filter_proc_string_length ad_page_contract_filter_proc_string_length_range ad_page_contract_filter_proc_time ad_page_contract_filter_proc_time24 ad_page_contract_filter_proc_tmpfile + ad_page_contract_filter_proc_token + ad_page_contract_filter_proc_word ad_complain ad_page_contract_filter_proc @@ -509,6 +509,7 @@ dict set cases word {red 1 " " 0 "hello_world" 1 {$a} 0 a1 1
0 "a.b" 0 "-flag" 0 "1,2" 0 "r: -1" 0} dict set cases token {red 1 " " 1 "hello_world" 1 {$a} 0 a1 1
0 "a.b" 1 "-flag" 1 "1,2" 1 "r: -1" 1} + dict set cases safetclchars {red 1 " " 1 "hello world" 1 {$a} 0 a1 1
1 "a.b" 1 "-flag" 1 "1,2" 1 "r: -1" 1 {a[b]c} 0 x\\y 0} dict set cases sql_identifier {red 1 " " 0 "hello_world" 1 {$a} 0 a1 1
0 "a.b" 0 "-flag" 0 "1,2" 0 "r: -1" 0}
dict set cases email { {philip@mit.edu} 1 {Philip Greenspun