From 79b8d910257826a83b60f6dfa4a7a9813741c25c Mon Sep 17 00:00:00 2001
From: zadam <zadam.apps@gmail.com>
Date: Wed, 27 Oct 2021 22:13:54 +0200
Subject: [PATCH] validate/clean inverse relation name in promoted attr
 definition

---
 .../app/widgets/attribute_widgets/attribute_detail.js      | 4 +++-
 src/services/promoted_attribute_definition_parser.js       | 2 +-
 src/services/utils.js                                      | 7 ++++++-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/public/app/widgets/attribute_widgets/attribute_detail.js b/src/public/app/widgets/attribute_widgets/attribute_detail.js
index 1860f4361..ea8f68649 100644
--- a/src/public/app/widgets/attribute_widgets/attribute_detail.js
+++ b/src/public/app/widgets/attribute_widgets/attribute_detail.js
@@ -626,7 +626,9 @@ export default class AttributeDetailWidget extends NoteContextAwareWidget {
                 props.push('precision=' + this.$inputNumberPrecision.val());
             }
         } else if (this.attrType === 'relation-definition' && this.$inputInverseRelation.val().trim().length > 0) {
-            props.push("inverse=" + this.$inputInverseRelation.val());
+            const inverseRelationName = this.$inputInverseRelation.val();
+
+            props.push("inverse=" + utils.filterAttributeName(inverseRelationName));
         }
 
         this.$rowNumberPrecision.toggle(
diff --git a/src/services/promoted_attribute_definition_parser.js b/src/services/promoted_attribute_definition_parser.js
index d7f611cb9..48856cab6 100644
--- a/src/services/promoted_attribute_definition_parser.js
+++ b/src/services/promoted_attribute_definition_parser.js
@@ -20,7 +20,7 @@ function parse(value) {
         else if (token.startsWith('inverse')) {
             const chunks = token.split('=');
 
-            defObj.inverseRelation = chunks[1];
+            defObj.inverseRelation = chunks[1].replace(/[^\p{L}\p{N}_:]/ug, "")
         }
         else {
             console.log("Unrecognized attribute definition token:", token);
diff --git a/src/services/utils.js b/src/services/utils.js
index 2bcdc44e1..4ff2027a1 100644
--- a/src/services/utils.js
+++ b/src/services/utils.js
@@ -298,6 +298,10 @@ function normalize(str) {
     return removeDiacritic(str).toLowerCase();
 }
 
+function filterAttributeName(name) {
+    return name.replace(/[^\p{L}\p{N}_:]/ug, "");
+}
+
 module.exports = {
     randomSecureToken,
     randomString,
@@ -331,5 +335,6 @@ module.exports = {
     timeLimit,
     deferred,
     removeDiacritic,
-    normalize
+    normalize,
+    filterAttributeName
 };