#356: Added explanation why we sanitise.

AmpersandTarski · Apr 4, 2024 · e89ac4b · e89ac4b
1 parent 3f5af57
commit e89ac4b
Showing 1 changed file with 6 additions and 8 deletions.
diff --git a/RAP4/customizations/bootstrap/files/ExecEngineFunctions.php b/RAP4/customizations/bootstrap/files/ExecEngineFunctions.php
@@ -343,16 +343,8 @@
     $zipContentForCommandline = base64_encode($zipContent);
     $mainAldForCommandLine = base64_encode("main.adl");
 
-    //sanitize the username for usage later
     $userName = sanitize_username($userName);
 
-    // $pattern = '/[\W+]/';
-
-    // $userName=strtolower($userName);
-    // $userName = preg_replace($pattern, '-', $userName);
-
-    // $userName = 'st-' . $userName;
-
     $deployment = getenv('RAP_DEPLOYMENT');
     if ($deployment == 'Kubernetes') {
         /** Deployed on Kubernetes Cluster
@@ -479,6 +471,12 @@
     $scriptVersionAtom->link($message, 'compileresponse[ScriptVersion*CompileResponse]')->add();
 });
 
+/**Sanitize the username
+ * As the user is allowed to choose any name, it is possible that the name they chose does not conform to restrictions places on the string in certain use cases.
+ * For example, a user could use special characters in their username. This might violate the restrictions placed on strings in a kubernetes metadata.name field.
+ * Therefore we remove all characters deemed unfit, and create a hash from these characters and append this hash at the end.
+ * To prevent casting errors between int and string, we append 'st' at the beginning.
+*/
 function sanitize_username($username) {
     // Define the pattern of illegal characters
     $pattern = '/[^a-zA-Z0-9]/';