From 622d6c4ac55529d0a9470bf26c2e3e18859e29a5 Mon Sep 17 00:00:00 2001
From: Kevin Roast
Date: Thu, 23 Feb 2006 11:33:14 +0000
Subject: [PATCH] Fix to disallow quotes in usernames (as per Group names)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2477 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 config/alfresco/messages/webclient.properties | 1 +
 source/java/org/alfresco/web/bean/LoginBean.java | 11 +++++++++--
 source/web/jsp/browse/browse.jsp | 2 +-
 3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/config/alfresco/messages/webclient.properties b/config/alfresco/messages/webclient.properties
index 4131dd4f64..cd8fbc7dcc 100644
--- a/config/alfresco/messages/webclient.properties
+++ b/config/alfresco/messages/webclient.properties
@@ -258,6 +258,7 @@ loggedout_details=You have been logged out of Alfresco.
 relogin=Re-login to Alfresco
 no_access=You have no access to Alfresco.
 no_cookies=Cookies must be enabled in your browser for the Alfresco Web-Client to function correctly.
+user_err_user_name=User ID cannot contain the characters: {0}
 # Browse list messages
 no_space_items=No items to display. Click the ''{0}'' action to create a space.
diff --git a/source/java/org/alfresco/web/bean/LoginBean.java b/source/java/org/alfresco/web/bean/LoginBean.java
index d55c3d48ae..112ed266eb 100644
--- a/source/java/org/alfresco/web/bean/LoginBean.java
+++ b/source/java/org/alfresco/web/bean/LoginBean.java
@@ -240,13 +240,19 @@ public class LoginBean
 public void validateUsername(FacesContext context, UIComponent component, Object value)
 throws ValidatorException
 {
- String pass = (String) value;
- if (pass.length() < 3 || pass.length() > 32)
+ String name = (String) value;
+ if (name.length() < 3 || name.length() > 32)
 {
 String err = MessageFormat.format(Application.getMessage(context, MSG_USERNAME_LENGTH),
 new Object[]{3, 32});
 throw new ValidatorException(new FacesMessage(err));
 }
+ if (name.indexOf('\'') != -1 || name.indexOf('"') != -1 || name.indexOf('\\') != -1)
+ {
+ String err = MessageFormat.format(Application.getMessage(context, MSG_USER_ERR),
+ new Object[]{"', \", \\"});
+ throw new ValidatorException(new FacesMessage(err));
+ }
 }
@@ -397,6 +403,7 @@ public class LoginBean
 private static final String MSG_USERNAME_LENGTH = "login_err_username_length";
 private static final String MSG_PASSWORD_CHARS = "login_err_password_chars";
 private static final String MSG_PASSWORD_LENGTH = "login_err_password_length";
+ private static final String MSG_USER_ERR = "user_err_user_name";
 public static final String LOGIN_REDIRECT_KEY = "_alfRedirect";
 public static final String LOGIN_EXTERNAL_AUTH= "_alfExternalAuth";
diff --git a/source/web/jsp/browse/browse.jsp b/source/web/jsp/browse/browse.jsp
index 2802127b9d..0d0867d19f 100644
--- a/source/web/jsp/browse/browse.jsp
+++ b/source/web/jsp/browse/browse.jsp
@@ -186,7 +186,7 @@ - + <%-- View mode settings --%>
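Review bot: The new check in validateUsername is a three-character denylist (`'`, `"`, `\`) enforced only in this JSF validator, so it covers only values that arrive through this form. The hunk does not show which sink the quotes were breaking; if it is a query or script string, the escaping belongs at that sink as well. Any path that supplies usernames without going through LoginBean (presumably directory sync or an API, not visible here) would still admit these characters, and an existing account whose ID contains one could be refused by this validator. The characters are also spelled twice, once in the `indexOf` chain and once in the message argument `"', \", \\"`, which can drift apart. A single constant such as `private static final String INVALID_USERNAME_CHARS = "'\"\\";`, checked in a loop and shared with the group-name rule, would keep them aligned, and a one-line comment naming the reason for the restriction would show whether other characters need the same treatment.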