Description of problem: When the URL contains a space on the beginning or end of the input field, spacewalk-repo-sync fails. Version-Release number of selected component (if applicable): 5.4 How reproducible: Always Steps to Reproduce: 1. Go to https://rhn.example.com/rhn/channels/manage/repos/RepoCreate.do 2. Enter A repository URL such as " http://repo.exmple.com/repo/x86_64 " 3. Fire up spacewalk-repo-sync -c example-cannel or schedule a sync in the webUI Actual results: Scheduled sync does not show any error in the log. spacewalk-repo-sync -c example-channel result: # spacewalk-repo-sync -c example-channel Traceback (most recent call last): File "/usr/bin/spacewalk-repo-sync", line 72, in ? sys.exit(abs(main() or 0)) File "/usr/bin/spacewalk-repo-sync", line 66, in main sync.main() File "/usr/share/rhn/satellite_tools/reposync.py", line 103, in main self.import_packages(plugin, url) File "/usr/share/rhn/satellite_tools/reposync.py", line 134, in import_packages packages = plug.list_packages() File "/usr/share/rhn/satellite_tools/repo_plugins/yum_src.py", line 57, in list_packages sack.populate(repo, 'metadata', None, 0) File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 168, in populate if self._check_db_version(repo, mydbtype): File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 226, in _check_db_version return repo._check_db_version(mdtype) File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1229, in _check_db_version repoXML = self.repoXML File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1402, in <lambda> repoXML = property(fget=lambda self: self._getRepoXML(), File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1398, in _getRepoXML raise Errors.RepoError, msg yum.Errors.RepoError: Cannot retrieve repository metadata (repomd.xml) for repository: example-channel. Please verify its path and try again # Expected results: The WebUI should filter out spaces and create an error on other invalid characters. Additional info: It also accepts semicolons, single quotes etc. Maybe it is also security related? (SQL-Injections)
*** This bug has been marked as a duplicate of bug 652622 ***