From bca909352099d9d85e748793f3bf9af83201fa6a Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Thu, 19 Dec 2019 17:46:39 +0100
Subject: [PATCH] api/ui: datastore: allow to set simple comment

for now forbid all control characters[0] in the comment value, the
section config writer cannot cope with newlines in the value, it
writes them out literally, allowing "injection" or breaking the whole
config.

In the webinterface use also a textfield, not a textarea.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 src/api2/config/datastore.rs | 8 +++++++-
 src/config/datastore.rs      | 4 +++-
 www/DataStoreConfig.js       | 5 +----
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/api2/config/datastore.rs b/src/api2/config/datastore.rs
index 55e0775c..984f48ef 100644
--- a/src/api2/config/datastore.rs
+++ b/src/api2/config/datastore.rs
@@ -32,6 +32,7 @@ pub const POST: ApiMethod = ApiMethod::new(
     &ObjectSchema::new(
         "Create new datastore.",
         &[
+            ("comment", true, &StringSchema::new("Comment for this Datastore").schema()),
             ("name", false, &DATASTORE_SCHEMA),
             ("path", false, &StringSchema::new("Directory path. The directory path is created if it does not already exist.").schema()),
         ],
@@ -54,6 +55,10 @@ fn create_datastore(
         bail!("datastore '{}' already exists.", name);
     }
 
+    if param["comment"].as_str().unwrap().find(|c: char| c.is_control()) != None {
+        bail!("comment must not contain control characters!");
+    }
+
     let path: PathBuf = param["path"].as_str().unwrap().into();
     let backup_user = crate::backup::backup_user()?;
     let _store = ChunkStore::create(
@@ -65,7 +70,8 @@ fn create_datastore(
     )?;
 
     let datastore = json!({
-        "path": param["path"]
+        "path": param["path"],
+        "comment": param["comment"],
     });
 
     config.set_data(name, "datastore", datastore);
diff --git a/src/config/datastore.rs b/src/config/datastore.rs
index 78947178..5aca43c4 100644
--- a/src/config/datastore.rs
+++ b/src/config/datastore.rs
@@ -14,13 +14,15 @@ lazy_static! {
 }
 
 const DIR_NAME_SCHEMA: Schema = StringSchema::new("Directory name").schema();
+const COMMENT_SCHEMA: Schema = StringSchema::new("Datastore comment").schema();
 const DATASTORE_ID_SCHEMA: Schema = StringSchema::new("DataStore ID schema.")
     .min_length(3)
     .schema();
 const DATASTORE_PROPERTIES: ObjectSchema = ObjectSchema::new(
     "DataStore properties",
     &[
-        ("path", false, &DIR_NAME_SCHEMA)
+        ("comment", true, &COMMENT_SCHEMA),
+        ("path", false, &DIR_NAME_SCHEMA),
     ]
 );
 
diff --git a/www/DataStoreConfig.js b/www/DataStoreConfig.js
index 03118c1d..40c9392c 100644
--- a/www/DataStoreConfig.js
+++ b/www/DataStoreConfig.js
@@ -111,8 +111,6 @@ Ext.define('PBS.DataStoreInputPanel', {
     onGetValues: function(values) {
 	var me = this;
 
-	delete values.comment;
-
 	return values;
     },
 
@@ -139,8 +137,7 @@ Ext.define('PBS.DataStoreInputPanel', {
 	{
 	    xtype: 'textfield',
 	    name: 'comment',
-	    emptyText: 'Not yet submitted...',
-	    fieldLabel: gettext('Comment')
+	    fieldLabel: gettext('Comment'),
 	},
     ],
 });