campaignd: Restrict possible add-on name chars to a whitelist

The new whitelist includes all alphanumerical characters,
hyphen-minuses -, and underlines _ ([A-Za-z0-9_-]).

src/addon/validation.cpp

@@ -27,12 +27,30 @@ namespace {
 		"map_pack", "era", "faction", "mod_mp", /*"gui", */ "media", "other",
 		""
 	};
+
+	struct addon_name_char_illegal
+	{
+		/**
+		 * Returns whether the given add-on name char is not whitelisted.
+		 */
+		inline bool operator()(char c)
+		{
+			switch(c)
+			{
+				case '-':		// hyphen-minus
+				case '_':		// low line
+					return false;
+				default:
+					return !isalnum(c);
+			}
+		}
+	};
 }
 
 bool addon_name_legal(const std::string& name)
 {
 	if(name.empty() || name == "." ||
-	   name.find_first_of("/:\\~") != std::string::npos ||
+	   std::find_if(name.begin(), name.end(), addon_name_char_illegal()) != name.end() ||
 	   name.find("..") != std::string::npos) {
 		return false;
 	} else {

src/tests/test_addons.cpp

@@ -22,6 +22,8 @@ BOOST_AUTO_TEST_SUITE( addons )
 
 BOOST_AUTO_TEST_CASE( validation )
 {
+	BOOST_CHECK( addon_name_legal("-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz") );
+
 	BOOST_CHECK( !addon_name_legal("") );
 	BOOST_CHECK( !addon_name_legal(".") );
 	BOOST_CHECK( !addon_name_legal("invalid/slash") );
@@ -29,6 +31,12 @@ BOOST_AUTO_TEST_CASE( validation )
 	BOOST_CHECK( !addon_name_legal("invalid:colon") );
 	BOOST_CHECK( !addon_name_legal("invalid~tilde") );
 	BOOST_CHECK( !addon_name_legal("invalid/../parent") );
+	BOOST_CHECK( !addon_name_legal("invalid\nnewline") );
+	BOOST_CHECK( !addon_name_legal("invalid\x0A""explicitLF") );
+	BOOST_CHECK( !addon_name_legal("invalid\x0D\x0A""explicitCRLF") );
+	BOOST_CHECK( !addon_name_legal("invalid\x0D""explicitCR") );
+	BOOST_CHECK( !addon_name_legal("invalid`grave accent`") );
+	BOOST_CHECK( !addon_name_legal("invalid$dollarsign$") );
 }
 
 BOOST_AUTO_TEST_SUITE_END()