From d8ffbdf6d717dc1f2ffa82920cefc1a3048b07bc Mon Sep 17 00:00:00 2001
From: Wilfried Goesgens <dothebart@citadel.org>
Date: Sat, 30 Jul 2011 16:23:32 +0000
Subject: [PATCH] check template token name for invalid chars; that way we find
 ')' etc.

---
 webcit/subst.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/webcit/subst.c b/webcit/subst.c
index 4048579ed..54a59a425 100644
--- a/webcit/subst.c
+++ b/webcit/subst.c
@@ -1016,6 +1016,25 @@ WCTemplateToken *NewTemplateSubstitute(StrBuf *Buf,
 	switch (NewToken->Flags) {
 	case 0:
 		/* If we're able to find out more about the token, do it now while its fresh. */
+		pch = NewToken->pName;
+		while (pch <  NewToken->pName + NewToken->NameEnd)
+		{
+			if (((*pch >= 'A') && (*pch <= 'Z')) || 
+			    ((*pch >= '0') && (*pch <= '9')) ||
+			    (*pch == ':') || 
+			    (*pch == '-') ||
+			    (*pch == '_')) 
+				pch ++;
+			else
+			{
+				LogTemplateError(
+					NULL, "Token Name", ERR_NAME, &TP,
+					"contains illegal char: '%c'", 
+					*pch);
+				pch++;
+			}
+
+		}
 		if (GetHash(GlobalNS, NewToken->pName, NewToken->NameEnd, &vVar)) {
 			HashHandler *Handler;
 			Handler = (HashHandler*) vVar;
-- 
2.39.2