From 562bf1be265e5f848577090cc4fdbc851f870709 Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay" <mackyle@gmail.com>
Date: Wed, 3 Mar 2021 17:52:11 -0700
Subject: [PATCH] Project.pm: more or less more validation of user list on load

The validation of the users field that was recently added was
trying to be clever and be reasonably "loose" with the check
while detecting blatantly invalid user names.

It was using Perl's '\w' (word character) match operator to
do this.

Unfortunately, that's too strict.  The characters '-', '+',
'.' and '_' are allowed in user names provided they are not
the first character.  Only '_' is matched by Perl's '\w'.

Replace the nice and convenient '\w+' with a much less
compact regex that allows the additional characters.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
---
 Girocco/Project.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Girocco/Project.pm b/Girocco/Project.pm
index 9a508d1..efc5d8e 100644
--- a/Girocco/Project.pm
+++ b/Girocco/Project.pm
@@ -775,7 +775,7 @@ sub load {
 		{ use bytes;
 		$crypt =~ /^([^:\x00-\x1F\x7F-\xFF]*)$/ or next; $self->{crypt} = $1; }
 		defined($ulist) or $ulist = '';
-		$ulist =~ /^((?:\w+(?:,\w+)*)?)$/ or next;
+		$ulist =~ /^((?:[a-zA-Z0-9][a-zA-Z0-9+._-]*(?:,[a-zA-Z0-9][a-zA-Z0-9+._-]*)*)?)$/ or next;
 		$self->{users} = [split /,/, $1];
 		$self->{HEAD} = $self->get_HEAD;
 		$self->{orig_HEAD} = $self->{HEAD};
-- 
2.11.4.GIT