From 6080c7ec02214157b2d23250ca15704cef0f1f0a Mon Sep 17 00:00:00 2001
From: Henrik Levkowetz <henrik@levkowetz.com>
Date: Fri, 4 Feb 2011 12:20:10 +0000
Subject: [PATCH] Don't permit just any characters in the document name; limit
 this to characters we currently permit in the names, or which has occurred in
 posted documents.  Fixes a problem where non-ascii characters were propagated
 to the database search and caused collation sequence exceptions, instead of
 giving 404 errors.  - Legacy-Id: 2813

---
 ietf/idrfc/urls.py | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/ietf/idrfc/urls.py b/ietf/idrfc/urls.py
index 9f35b8053..1b529769e 100644
--- a/ietf/idrfc/urls.py
+++ b/ietf/idrfc/urls.py
@@ -38,26 +38,26 @@ urlpatterns = patterns('',
     (r'^search/$', views_search.search_results),
     (r'^all/$', views_search.all),
     (r'^active/$', views_search.active),
-    url(r'^ad/(?P<name>[^/]+)/$', views_search.by_ad, name="doc_search_by_ad"),
+    url(r'^ad/(?P<name>[A-Za-z0-9.-]+)/$', views_search.by_ad, name="doc_search_by_ad"),
                        
-    url(r'^(?P<name>[^/]+)/((?P<tab>ballot|writeup|history)/)?$', views_doc.document_main, name="doc_view"),
-    (r'^(?P<name>[^/]+)/doc.json$', views_doc.document_debug),
-    (r'^(?P<name>[^/]+)/_ballot.data$', views_doc.document_ballot),
-    (r'^(?P<name>[^/]+)/ballot.tsv$', views_doc.ballot_tsv),
-    (r'^(?P<name>[^/]+)/ballot.json$', views_doc.ballot_json),
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/((?P<tab>ballot|writeup|history)/)?$', views_doc.document_main, name="doc_view"),
+    (r'^(?P<name>[A-Za-z0-9.-]+)/doc.json$', views_doc.document_debug),
+    (r'^(?P<name>[A-Za-z0-9.-]+)/_ballot.data$', views_doc.document_ballot),
+    (r'^(?P<name>[A-Za-z0-9.-]+)/ballot.tsv$', views_doc.ballot_tsv),
+    (r'^(?P<name>[A-Za-z0-9.-]+)/ballot.json$', views_doc.ballot_json),
 
-    url(r'^(?P<name>[^/]+)/edit/state/$', views_edit.change_state, name='doc_change_state'),
-    url(r'^(?P<name>[^/]+)/edit/info/$', views_edit.edit_info, name='doc_edit_info'),
-    url(r'^(?P<name>[^/]+)/edit/requestresurrect/$', views_edit.request_resurrect, name='doc_request_resurrect'),
-    url(r'^(?P<name>[^/]+)/edit/resurrect/$', views_edit.resurrect, name='doc_resurrect'),                       
-    url(r'^(?P<name>[^/]+)/edit/addcomment/$', views_edit.add_comment, name='doc_add_comment'),
-    url(r'^(?P<name>[^/]+)/edit/position/$', views_ballot.edit_position, name='doc_edit_position'),
-    url(r'^(?P<name>[^/]+)/edit/deferballot/$', views_ballot.defer_ballot, name='doc_defer_ballot'),
-    url(r'^(?P<name>[^/]+)/edit/undeferballot/$', views_ballot.undefer_ballot, name='doc_undefer_ballot'),
-    url(r'^(?P<name>[^/]+)/edit/sendballotcomment/$', views_ballot.send_ballot_comment, name='doc_send_ballot_comment'),
-    url(r'^(?P<name>[^/]+)/edit/lastcalltext/$', views_ballot.lastcalltext, name='doc_ballot_lastcall'),
-    url(r'^(?P<name>[^/]+)/edit/ballotwriteupnotes/$', views_ballot.ballot_writeupnotes, name='doc_ballot_writeupnotes'),
-    url(r'^(?P<name>[^/]+)/edit/approvaltext/$', views_ballot.ballot_approvaltext, name='doc_ballot_approvaltext'),
-    url(r'^(?P<name>[^/]+)/edit/approveballot/$', views_ballot.approve_ballot, name='doc_approve_ballot'),
-    url(r'^(?P<name>[^/]+)/edit/makelastcall/$', views_ballot.make_last_call, name='doc_make_last_call'),
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/edit/state/$', views_edit.change_state, name='doc_change_state'),
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/edit/info/$', views_edit.edit_info, name='doc_edit_info'),
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/edit/requestresurrect/$', views_edit.request_resurrect, name='doc_request_resurrect'),
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/edit/resurrect/$', views_edit.resurrect, name='doc_resurrect'),                       
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/edit/addcomment/$', views_edit.add_comment, name='doc_add_comment'),
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/edit/position/$', views_ballot.edit_position, name='doc_edit_position'),
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/edit/deferballot/$', views_ballot.defer_ballot, name='doc_defer_ballot'),
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/edit/undeferballot/$', views_ballot.undefer_ballot, name='doc_undefer_ballot'),
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/edit/sendballotcomment/$', views_ballot.send_ballot_comment, name='doc_send_ballot_comment'),
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/edit/lastcalltext/$', views_ballot.lastcalltext, name='doc_ballot_lastcall'),
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/edit/ballotwriteupnotes/$', views_ballot.ballot_writeupnotes, name='doc_ballot_writeupnotes'),
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/edit/approvaltext/$', views_ballot.ballot_approvaltext, name='doc_ballot_approvaltext'),
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/edit/approveballot/$', views_ballot.approve_ballot, name='doc_approve_ballot'),
+    url(r'^(?P<name>[A-Za-z0-9.-]+)/edit/makelastcall/$', views_ballot.make_last_call, name='doc_make_last_call'),
 )