From 7c5ed86e3e76b0b79bcf52fd8766d15c8b83e298 Mon Sep 17 00:00:00 2001
From: Stephen Birarda <commit@birarda.com>
Date: Thu, 22 Feb 2018 11:41:48 -0800
Subject: [PATCH] refuse to post manual content archive with invalid name

---
 domain-server/resources/web/content/js/content.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/domain-server/resources/web/content/js/content.js b/domain-server/resources/web/content/js/content.js
index fc6d2ca205..fff7c07bbf 100644
--- a/domain-server/resources/web/content/js/content.js
+++ b/domain-server/resources/web/content/js/content.js
@@ -386,6 +386,12 @@ $(document).ready(function(){
         return false;
       }
 
+      var MANUAL_ARCHIVE_NAME_REGEX = /^[a-zA-Z0-9\\-_ ]+$/;
+      if (!MANUAL_ARCHIVE_NAME_REGEX.test(inputValue)) {
+        swal.showInputError("Valid characters include A-z, 0-9, ' ', '_', and '-'.");
+        return false;
+      }
+
       // post the provided archive name to ask the server to kick off a manual backup
       $.ajax({
         type: 'POST',