From 572e31fb29ac6a7304aaf2e7a804aab9c32b2d1a Mon Sep 17 00:00:00 2001 From: Mel O'Hagan Date: Tue, 8 Nov 2022 17:02:31 +0000 Subject: [PATCH 1/4] Block lucene special characters from new column --- .../components/backend/DataTable/modals/CreateEditColumn.svelte | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte index dce6df6d0d..a2400f1836 100644 --- a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte +++ b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte @@ -304,6 +304,8 @@ const newError = {} if (!external && fieldInfo.name?.startsWith("_")) { newError.name = `Column name cannot start with an underscore.` + } else if (fieldInfo.name?.match(/[\-!*+?^"{}()~\/[\]\\]/g)) { + newError.name = `Illegal character; cannot be: + - ! ( ) { } [ ] ^ " ~ * ? : \\ /` } else if (PROHIBITED_COLUMN_NAMES.some(name => fieldInfo.name === name)) { newError.name = `${PROHIBITED_COLUMN_NAMES.join( ", " From 847fc9f83a6d7d1d9fa2dc4887513c238b3b3d58 Mon Sep 17 00:00:00 2001 From: Mel O'Hagan Date: Tue, 8 Nov 2022 17:03:13 +0000 Subject: [PATCH 2/4] Remove escaped characters --- .../components/backend/DataTable/modals/CreateEditColumn.svelte | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte index a2400f1836..279a901ce9 100644 --- a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte +++ b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte @@ -304,7 +304,7 @@ const newError = {} if (!external && fieldInfo.name?.startsWith("_")) { newError.name = `Column name cannot start with an underscore.` - } else if (fieldInfo.name?.match(/[\-!*+?^"{}()~\/[\]\\]/g)) { + } else if (fieldInfo.name?.match(/[-!*+?^"{}()~/[\]\\]/g)) { newError.name = `Illegal character; cannot be: + - ! ( ) { } [ ] ^ " ~ * ? : \\ /` } else if (PROHIBITED_COLUMN_NAMES.some(name => fieldInfo.name === name)) { newError.name = `${PROHIBITED_COLUMN_NAMES.join( From 4f1ecf6dc13a18302c27e2a0f6ddbe3165a1ee30 Mon Sep 17 00:00:00 2001 From: Mel O'Hagan Date: Tue, 8 Nov 2022 17:07:25 +0000 Subject: [PATCH 3/4] Missed colon --- .../components/backend/DataTable/modals/CreateEditColumn.svelte | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte index 279a901ce9..4ae1d31edb 100644 --- a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte +++ b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte @@ -304,7 +304,7 @@ const newError = {} if (!external && fieldInfo.name?.startsWith("_")) { newError.name = `Column name cannot start with an underscore.` - } else if (fieldInfo.name?.match(/[-!*+?^"{}()~/[\]\\]/g)) { + } else if (fieldInfo.name?.match(/[-!*+?:^"{}()~/[\]\\]/g)) { newError.name = `Illegal character; cannot be: + - ! ( ) { } [ ] ^ " ~ * ? : \\ /` } else if (PROHIBITED_COLUMN_NAMES.some(name => fieldInfo.name === name)) { newError.name = `${PROHIBITED_COLUMN_NAMES.join( From ca2f85b6f911b215c8de74b1b8c354b32d415980 Mon Sep 17 00:00:00 2001 From: Mel O'Hagan Date: Tue, 8 Nov 2022 17:16:35 +0000 Subject: [PATCH 4/4] Use whitelist instead --- .../backend/DataTable/modals/CreateEditColumn.svelte | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte index 4ae1d31edb..84ce61222c 100644 --- a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte +++ b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte @@ -304,8 +304,8 @@ const newError = {} if (!external && fieldInfo.name?.startsWith("_")) { newError.name = `Column name cannot start with an underscore.` - } else if (fieldInfo.name?.match(/[-!*+?:^"{}()~/[\]\\]/g)) { - newError.name = `Illegal character; cannot be: + - ! ( ) { } [ ] ^ " ~ * ? : \\ /` + } else if (fieldInfo.name && !fieldInfo.name.match(/^[a-zA-Z0-9\s]*$/g)) { + newError.name = `Illegal character; must be alpha-numeric.` } else if (PROHIBITED_COLUMN_NAMES.some(name => fieldInfo.name === name)) { newError.name = `${PROHIBITED_COLUMN_NAMES.join( ", "