api/ui: datastore: allow to set simple comment

for now forbid all control characters[0] in the comment value, the
section config writer cannot cope with newlines in the value, it
writes them out literally, allowing "injection" or breaking the whole
config.

In the webinterface use also a textfield, not a textarea.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2019-12-19 17:46:39 +01:00
parent e88e3c3a35
commit bca9093520
3 changed files with 11 additions and 6 deletions

View File

@ -32,6 +32,7 @@ pub const POST: ApiMethod = ApiMethod::new(
&ObjectSchema::new( &ObjectSchema::new(
"Create new datastore.", "Create new datastore.",
&[ &[
("comment", true, &StringSchema::new("Comment for this Datastore").schema()),
("name", false, &DATASTORE_SCHEMA), ("name", false, &DATASTORE_SCHEMA),
("path", false, &StringSchema::new("Directory path. The directory path is created if it does not already exist.").schema()), ("path", false, &StringSchema::new("Directory path. The directory path is created if it does not already exist.").schema()),
], ],
@ -54,6 +55,10 @@ fn create_datastore(
bail!("datastore '{}' already exists.", name); bail!("datastore '{}' already exists.", name);
} }
if param["comment"].as_str().unwrap().find(|c: char| c.is_control()) != None {
bail!("comment must not contain control characters!");
}
let path: PathBuf = param["path"].as_str().unwrap().into(); let path: PathBuf = param["path"].as_str().unwrap().into();
let backup_user = crate::backup::backup_user()?; let backup_user = crate::backup::backup_user()?;
let _store = ChunkStore::create( let _store = ChunkStore::create(
@ -65,7 +70,8 @@ fn create_datastore(
)?; )?;
let datastore = json!({ let datastore = json!({
"path": param["path"] "path": param["path"],
"comment": param["comment"],
}); });
config.set_data(name, "datastore", datastore); config.set_data(name, "datastore", datastore);

View File

@ -14,13 +14,15 @@ lazy_static! {
} }
const DIR_NAME_SCHEMA: Schema = StringSchema::new("Directory name").schema(); const DIR_NAME_SCHEMA: Schema = StringSchema::new("Directory name").schema();
const COMMENT_SCHEMA: Schema = StringSchema::new("Datastore comment").schema();
const DATASTORE_ID_SCHEMA: Schema = StringSchema::new("DataStore ID schema.") const DATASTORE_ID_SCHEMA: Schema = StringSchema::new("DataStore ID schema.")
.min_length(3) .min_length(3)
.schema(); .schema();
const DATASTORE_PROPERTIES: ObjectSchema = ObjectSchema::new( const DATASTORE_PROPERTIES: ObjectSchema = ObjectSchema::new(
"DataStore properties", "DataStore properties",
&[ &[
("path", false, &DIR_NAME_SCHEMA) ("comment", true, &COMMENT_SCHEMA),
("path", false, &DIR_NAME_SCHEMA),
] ]
); );

View File

@ -111,8 +111,6 @@ Ext.define('PBS.DataStoreInputPanel', {
onGetValues: function(values) { onGetValues: function(values) {
var me = this; var me = this;
delete values.comment;
return values; return values;
}, },
@ -139,8 +137,7 @@ Ext.define('PBS.DataStoreInputPanel', {
{ {
xtype: 'textfield', xtype: 'textfield',
name: 'comment', name: 'comment',
emptyText: 'Not yet submitted...', fieldLabel: gettext('Comment'),
fieldLabel: gettext('Comment')
}, },
], ],
}); });