projects
/
invirt/packages/invirt-web.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix a potential quota hole from cross-realm Hesiod entries.
[invirt/packages/invirt-web.git]
/
code
/
validation.py
diff --git
a/code/validation.py
b/code/validation.py
index
480d007
..
0285044
100644
(file)
--- a/
code/validation.py
+++ b/
code/validation.py
@@
-241,6
+241,8
@@
def testOwner(user, owner, machine=None):
return machine.owner
if owner is None:
raise InvalidInput('owner', owner, "Owner must be specified")
return machine.owner
if owner is None:
raise InvalidInput('owner', owner, "Owner must be specified")
+ if '@' in owner:
+ raise InvalidInput('owner', owner, "No cross-realm Hesiod lockers allowed")
try:
if user not in cache_acls.expandLocker(owner):
raise InvalidInput('owner', owner, 'You do not have access to the '
try:
if user not in cache_acls.expandLocker(owner):
raise InvalidInput('owner', owner, 'You do not have access to the '