From e74a87f5ce727e5e3e87869d6bd5f578eaef6a29 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Wed, 9 Apr 2014 07:34:06 +0200
Subject: [PATCH] correctly verify ipset name

---
 src/PVE/API2/Firewall/IPSet.pm | 30 ++++++++----------------------
 src/PVE/Firewall.pm            |  9 ++++++++-
 2 files changed, 16 insertions(+), 23 deletions(-)

diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm
index 71f6b4c..856e5f8 100644
--- a/src/PVE/API2/Firewall/IPSet.pm
+++ b/src/PVE/API2/Firewall/IPSet.pm
@@ -14,10 +14,7 @@ my $api_properties = {
 	description => "Network/IP specification in CIDR format.",
 	type => 'string', format => 'IPv4orCIDR',
     },
-    name => {
-	description => "IP set name.",
-	type => 'string',
-    },
+    name => get_standard_option('ipset-name'),
     comment => {
 	type => 'string',
 	optional => 1,
@@ -295,8 +292,9 @@ package PVE::API2::Firewall::BaseIPSetList;
 
 use strict;
 use warnings;
-use PVE::Firewall;
+use PVE::JSONSchema qw(get_standard_option);
 use PVE::Exception qw(raise_param_exc);
+use PVE::Firewall;
 
 use base qw(PVE::RESTHandler);
 
@@ -316,10 +314,7 @@ sub register_index {
 	    items => {
 		type => "object",
 		properties => { 
-		    name => {
-			description => "IPSet name.",
-			type => 'string',
-		    },
+		    name => get_standard_option('ipset-name'),
 		},
 	    },
 	    links => [ { rel => 'child', href => "{name}" } ],
@@ -350,16 +345,11 @@ sub register_create {
 	parameters => {
 	    additionalProperties => 0,
 	    properties => { 
-		name => {
-		    # fixme: verify format
-		    description => "IP set name.",
-		    type => 'string',
-		},
-		rename => {
+		name => get_standard_option('ipset-name'),
+		rename => get_standard_option('ipset-name', {
 		    description => "Rename an existing IPSet.",
-		    type => 'string',
 		    optional => 1,
-		},
+		}),
 	    }
 	},
 	returns => { type => 'null' },
@@ -400,11 +390,7 @@ sub register_delete {
 	parameters => {
 	    additionalProperties => 0,
 	    properties => { 
-		name => {
-		    # fixme: verify format
-		    description => "IP set name.",
-		    type => 'string',
-		},
+		name => get_standard_option('ipset-name'),
 	    }
 	},
 	returns => { type => 'null' },
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index a2e6b79..1438125 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -7,7 +7,7 @@ use Data::Dumper;
 use Digest::SHA;
 use PVE::INotify;
 use PVE::Exception qw(raise raise_param_exc);
-use PVE::JSONSchema qw(get_standard_option);
+use PVE::JSONSchema qw(register_standard_option get_standard_option);
 use PVE::Cluster;
 use PVE::ProcFSTools;
 use PVE::Tools qw($IPV4RE);
@@ -48,6 +48,13 @@ sub pve_verify_ipv4_or_cidr {
     die "value does not look like a valid IP address or CIDR network\n";
 }
 
+PVE::JSONSchema::register_standard_option('ipset-name', {
+    description => "IP set name.",
+    type => 'string',
+    pattern => '[A-Za-z][A-Za-z0-9\-\_]+',
+    minLength => 2, 
+    maxLength => 20,	  					  
+});
 
 my $feature_ipset_nomatch = 0;
 eval  {
-- 
2.39.2