From: Michael R Sweet <michaelrsweet@gmail.com>
Date: Wed, 1 Nov 2017 16:27:58 +0000 (-0400)
Subject: No longer support backslash, question mark, or quotes in printer names (Issue #4966)
X-Git-Tag: v2.3b1~83
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f1547f121cd10de60d57248a9de6df3982f451c4;p=thirdparty%2Fcups.git

No longer support backslash, question mark, or quotes in printer names (Issue #4966)
---

diff --git a/CHANGES.md b/CHANGES.md
index 865d4976c7..0dc43a0557 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -5,6 +5,8 @@ CHANGES - 2.3b1 - 2017-11-01
 Changes in CUPS v2.3b1
 ----------------------
 
+- No longer support backslash, question mark, or quotes in printer names
+  (Issue #4966)
 - Dropped RSS subscription management from the web interface (Issue #5012)
 - The lpadmin command now provides a better error message when an unsupported
   System V interface script is used (Issue #5111)
diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c
index cfdf3ff013..179a8d68ea 100644
--- a/cgi-bin/admin.c
+++ b/cgi-bin/admin.c
@@ -695,16 +695,13 @@ do_am_printer(http_t *http,		/* I - HTTP connection */
   if ((name = cgiGetVariable("PRINTER_NAME")) != NULL)
   {
     for (ptr = name; *ptr; ptr ++)
-      if ((*ptr >= 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '#')
+      if ((*ptr >= 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '\\' || *ptr == '?' || *ptr == '\'' || *ptr == '\"' || *ptr == '#')
 	break;
 
     if (*ptr || ptr == name || strlen(name) > 127)
     {
       cgiSetVariable("ERROR",
-		     cgiText(_("The printer name may only contain up to "
-			       "127 printable characters and may not "
-			       "contain spaces, slashes (/), or the "
-			       "pound sign (#).")));
+		     cgiText(_("The printer name may only contain up to 127 printable characters and may not contain spaces, slashes (/ \\), quotes (' \"), question mark (?), or the pound sign (#).")));
       cgiStartHTML(title);
       cgiCopyTemplateLang("error.tmpl");
       cgiEndHTML();
diff --git a/systemv/lpadmin.c b/systemv/lpadmin.c
index b36ea48c43..48dcd76f66 100644
--- a/systemv/lpadmin.c
+++ b/systemv/lpadmin.c
@@ -1591,8 +1591,7 @@ validate_name(const char *name)		/* I - Name to check */
   for (ptr = name; *ptr; ptr ++)
     if (*ptr == '@')
       break;
-    else if ((*ptr >= 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' ||
-             *ptr == '#')
+    else if ((*ptr >= 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '\\' || *ptr == '?' || *ptr == '\'' || *ptr == '\"' || *ptr == '#')
       return (0);
 
  /*