4 years ago · db80781716
--- a/Dockerfile
+++ b/Dockerfile
@@ -55,8 +55,6 @@ RUN sed -i "s|\"users_base_dir\": \"\",|\"users_base_dir\": \"/srv/sftpgo/data\"
 
				     sed -i "s|\"backups\"|\"/srv/sftpgo/backups\"|" /etc/sftpgo/sftpgo.json && \
			
 
				     sed -i "s|\"address\": \"127.0.0.1\",|\"address\": \"\",|" /etc/sftpgo/sftpgo.json
			
 
				 
			
 
				-COPY ./docker/scripts/entrypoint.sh /docker-entrypoint.sh
			
 
				-
			
 
				 RUN chown -R sftpgo:sftpgo /etc/sftpgo && chown sftpgo:sftpgo /var/lib/sftpgo /srv/sftpgo
			
 
				 
			
 
				 WORKDIR /var/lib/sftpgo
			
--- a/dataprovider/admin.go
+++ b/dataprovider/admin.go
@@ -70,7 +70,7 @@ func (a *Admin) validate() error {
 
				 		return &ValidationError{err: "please set a password"}
			
 
				 	}
			
 
				 	if !usernameRegex.MatchString(a.Username) {
			
 
				-		return &ValidationError{err: fmt.Sprintf("username %#v is not valid", a.Username)}
			
 
				+		return &ValidationError{err: fmt.Sprintf("username %#v is not valid, the following characters are allowed: a-zA-Z0-9-_.~", a.Username)}
			
 
				 	}
			
 
				 	if a.Password != "" && !strings.HasPrefix(a.Password, argonPwdPrefix) {
			
 
				 		pwd, err := argon2id.CreateHash(a.Password, argon2Params)
			
--- a/dataprovider/dataprovider.go
+++ b/dataprovider/dataprovider.go
@@ -1363,7 +1363,8 @@ func validateBaseParams(user *User) error {
 
				 		return &ValidationError{err: "username is mandatory"}
			
 
				 	}
			
 
				 	if !usernameRegex.MatchString(user.Username) {
			
 
				-		return &ValidationError{err: fmt.Sprintf("username %#v is not valid", user.Username)}
			
 
				+		return &ValidationError{err: fmt.Sprintf("username %#v is not valid, the following characters are allowed: a-zA-Z0-9-_.~",
			
 
				+			user.Username)}
			
 
				 	}
			
 
				 	if user.HomeDir == "" {
			
 
				 		return &ValidationError{err: "home_dir is mandatory"}
			
@@ -1395,7 +1396,8 @@ func ValidateFolder(folder *vfs.BaseVirtualFolder) error {
 
				 		return &ValidationError{err: "folder name is mandatory"}
			
 
				 	}
			
 
				 	if !usernameRegex.MatchString(folder.Name) {
			
 
				-		return &ValidationError{err: fmt.Sprintf("folder name %#v is not valid", folder.Name)}
			
 
				+		return &ValidationError{err: fmt.Sprintf("folder name %#v is not valid, the following characters are allowed: a-zA-Z0-9-_.~",
			
 
				+			folder.Name)}
			
 
				 	}
			
 
				 	cleanedMPath := filepath.Clean(folder.MappedPath)
			
 
				 	if !filepath.IsAbs(cleanedMPath) {