M util.go → util.go

@@ -55,6 +55,8 @@ )
 
 var savedassetparams = make(map[string]string)
 
+var re_plainname = regexp.MustCompile("^[[:alnum:]]+$")
+
 func getassetparam(file string) string {
 	if p, ok := savedassetparams[file]; ok {
 		return p
@@ -309,8 +311,7 @@ name = name[:len(name)-1]
 	if len(name) < 1 {
 		return fmt.Errorf("that's way too short")
 	}
-	re_name := regexp.MustCompile("^[[:alnum:]]+$")
-	if !re_name.MatchString(name) {
+	if !re_plainname.MatchString(name) {
 		return fmt.Errorf("alphanumeric only please")
 	}
 	if _, err := butwhatabout(name); err == nil {

M web.go → web.go

@@ -1840,6 +1840,11 @@ combos := strings.TrimSpace(r.FormValue("combos"))
 	combos = " " + combos + " "
 	honkerid, _ := strconv.ParseInt(r.FormValue("honkerid"), 10, 0)
 
+	if name != "" && !re_plainname.MatchString(name) {
+		http.Error(w, "please use a plainer name", http.StatusInternalServerError)
+		return
+	}
+
 	var meta HonkerMeta
 	meta.Notes = strings.TrimSpace(r.FormValue("notes"))
 	mj, _ := jsonify(&meta)