projects
/
invirt/packages/invirt-web.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
4ed55b4
)
Fix a potential quota hole from cross-realm Hesiod entries.
author
Evan Broder
<broder@mit.edu>
Tue, 7 Apr 2009 02:13:53 +0000
(22:13 -0400)
committer
Evan Broder
<broder@mit.edu>
Tue, 7 Apr 2009 02:13:53 +0000
(22:13 -0400)
svn path=/trunk/packages/invirt-web/; revision=2293
code/validation.py
patch
|
blob
|
history
diff --git
a/code/validation.py
b/code/validation.py
index
480d007
..
0285044
100644
(file)
--- a/
code/validation.py
+++ b/
code/validation.py
@@
-241,6
+241,8
@@
def testOwner(user, owner, machine=None):
return machine.owner
if owner is None:
raise InvalidInput('owner', owner, "Owner must be specified")
+ if '@' in owner:
+ raise InvalidInput('owner', owner, "No cross-realm Hesiod lockers allowed")
try:
if user not in cache_acls.expandLocker(owner):
raise InvalidInput('owner', owner, 'You do not have access to the '