Bug 357005: 'cf_' should not be allowed as a custom field name

Patch by Olav Vitters <olav@bkor.dhs.org> r=LpSolit a=myk

diff --git a/editfields.cgi b/editfields.cgi
index a77aafe7727975f0fe1397e361c87c1f4a16ae97..f7a05901630be2f9d4ed93e539ed8d74800fd6bc 100644 (file)
--- a/editfields.cgi
+++ b/editfields.cgi
@@ -63,8 +63,8 @@ elsif ($action eq 'new') {
     # Validate these fields.
     $name || ThrowUserError('customfield_missing_name');
     # Don't want to allow a name that might mess up SQL.
-    $name =~ /^\w+$/ || ThrowUserError('customfield_invalid_name',
-                                       { name => $name });
+    $name =~ /^\w+$/ && $name ne "cf_"
+      || ThrowUserError('customfield_invalid_name', { name => $name });
     # Prepend cf_ to the custom field name to distinguish it from standard fields.
     if ($name !~ /^cf_/) {
         $name = 'cf_' . $name;

diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index bd3f29e114ed0c2d4dc067fcffebf95dc7b3ee84..eebefa9270c890045fd82bfdc94b49745bb60e52 100644 (file)
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -319,7 +319,8 @@
   [% ELSIF error == "customfield_invalid_name" %]
     [% title = "Invalid Custom Field Name" %]
     '[% name FILTER html %]' is not a valid name for a custom field.
-    A name may contain only letters, numbers, and the underscore character.
+    A name may contain only letters, numbers, and the underscore character. The
+    name should also be different from 'cf_'.
 
   [% ELSIF error == "customfield_nonexistent" %]
     [% title = "Unknown Custom Field" %]