From db4b8951a234937f8e8da920acf12c1ed90dac26 Mon Sep 17 00:00:00 2001
From: jide
Date: Mon, 30 Sep 2024 13:12:13 -0500
Subject: [PATCH 1/3] Fix clone attributes to match attributes properly when attribute name contains a period.
---
 webapp/views/data_tables/templates/clone_attributes_4.html | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/webapp/views/data_tables/templates/clone_attributes_4.html b/webapp/views/data_tables/templates/clone_attributes_4.html
index 4f4b7f9a..6f9f4203 100644
--- a/webapp/views/data_tables/templates/clone_attributes_4.html
+++ b/webapp/views/data_tables/templates/clone_attributes_4.html
@@ -40,9 +40,14 @@
 function select_default(_select_id) {
 // We need to replace spaces with underscores in the SELECT id for jQuery to work properly
 let select_id = _select_id.replace(/ /g, '_');
- let selector = '#' + select_id + ' option';
 // Get rid of SELECT__ and __SELECT substrings
 let default_val = select_id.substring(8, select_id.length - 8);
+ // jQuery interprets '.' as a class selector, so we need to escape '.' with '\\'
+ // It's a double backslash because the first backslash is an escape character in a string. I.e., we're
+ // saying we want the backslash to go into the string, not be interpreted as an escape character.
+ // Now the selector will correctly find the option with the value that has a period in it.
+ select_id = select_id.replace(/\./g, '\\.');
+ let selector = '#' + select_id + ' option';
 $(selector).filter(function() {
 let this_text = $(this).text().replace(/ /g, '_');
 return this_text === default_val;
From 03a792ad43004f9e62cf83e67f9d3c8271ddd6bb Mon Sep 17 00:00:00 2001
From: jide
Date: Mon, 30 Sep 2024 13:37:49 -0500
Subject: [PATCH 2/3] Generalize escaping of selector to include other chars that have special meaning to jQuery
---
 .../data_tables/templates/clone_attributes_4.html | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
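Review bot: Escaping only `.` on the new `select_id = select_id.replace(/\./g, '\\.');` line still leaves other characters that are meaningful in a selector (`:`, `[`, `]`, `/`, …) able to produce a selector that `$()` rejects, and the next patch in this series answers that with a hand-maintained character list; the standard escaper already exists, so `let selector = '#' + CSS.escape(select_id) + ' option';` (or `$.escapeSelector(select_id)` on jQuery 3+) would cover the whole set without a list to maintain, and the four-line comment on backslash escaping could go with it. The same remark applies to the `escapeSelector` helper introduced in the second patch. `select_default` continues past the end of the hunk.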
diff --git a/webapp/views/data_tables/templates/clone_attributes_4.html b/webapp/views/data_tables/templates/clone_attributes_4.html
index 6f9f4203..02a43b89 100644
--- a/webapp/views/data_tables/templates/clone_attributes_4.html
+++ b/webapp/views/data_tables/templates/clone_attributes_4.html
@@ -37,16 +37,19 @@
 select_default(this.id);
 });
 }
+ function escapeSelector(selector) {
+ // There are a few characters that need to be escaped in a jQuery selector so they aren't interpreted as
+ // class selectors and the like. This function escapes those characters.
+ return selector.replace(/([!"#$%&'()*+,.\/:;<=>?@[\\\]^`{|}~])/g, '\\$1');
+ }
 function select_default(_select_id) {
 // We need to replace spaces with underscores in the SELECT id for jQuery to work properly
 let select_id = _select_id.replace(/ /g, '_');
 // Get rid of SELECT__ and __SELECT substrings
 let default_val = select_id.substring(8, select_id.length - 8);
- // jQuery interprets '.' as a class selector, so we need to escape '.' with '\\'
- // It's a double backslash because the first backslash is an escape character in a string. I.e., we're
- // saying we want the backslash to go into the string, not be interpreted as an escape character.
- // Now the selector will correctly find the option with the value that has a period in it.
- select_id = select_id.replace(/\./g, '\\.');
+ // jQuery interprets '.' as a class selector, so we need to escape '.' with '\\'.
+ // There are various other chars that may be similarly problematic. We'll escape them all.
+ select_id = escapeSelector(select_id);
 let selector = '#' + select_id + ' option';
 $(selector).filter(function() {
 let this_text = $(this).text().replace(/ /g, '_');
From b532109bd491c43bd3a38897ec264aa92d0fac2c Mon Sep 17 00:00:00 2001
From: jide
Date: Mon, 30 Sep 2024 13:46:03 -0500
Subject: [PATCH 3/3] Log login attempts by non-whitelisted users.
---
 webapp/auth/views.py | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
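Review bot: `escapeSelector` is named for a selector but escapes an identifier: passed a complete selector such as the `'#' + select_id + ' option'` built two lines below, it would escape the `#` too, so a name like `escapeIdentifier` with a JSDoc header `/** Escapes CSS metacharacters in an element id so it can be embedded in a selector. @param {string} id - raw element id @returns {string} escaped id */` in place of the two-line prose comment would make the contract clear. The regex itself reads correctly: `'\\$1'` yields one backslash before the captured character, and `[`, `\\` and `\]` are the right forms inside the class. The comment above the new `select_id = escapeSelector(select_id);` line still talks only about `.`; trimming it to `// Escape characters that are special in a jQuery selector (e.g. '.') before building the selector.` would match what the helper now does. `select_default` continues past the end of the hunk.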
diff --git a/webapp/auth/views.py b/webapp/auth/views.py index d4a7ad48..ef266575 100644 --- a/webapp/auth/views.py +++ b/webapp/auth/views.py @@ -61,12 +61,6 @@ def login(): else: return redirect(url_for(PAGE_INDEX)) - # log_info(f"request.url: {request.url}") - # if request.method == 'GET': - # log_info(f"GET: request.args: {request.args.to_dict()}") - # else: - # log_info(f"POST: request.form: {request.form.to_dict()}") - # Process POST form = LoginForm() if form.validate_on_submit(): @@ -74,8 +68,8 @@ def login(): if not is_whitelisted_username(username): flash(f'Username {username} is not authorized to log in to this server. Please contact ' 'support@edirepository.org if you believe you need access to this server.', 'error') + log_error(f'Non-whitelisted login attempt by {username}') return redirect(url_for(PAGE_LOGIN)) - # domain = form.domain.data # Never None domain = "edi" user_dn = 'uid=' + form.username.data + ',' + Config.DOMAINS[domain] password = form.password.data
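Review bot: The new `log_error(f'Non-whitelisted login attempt by {username}')` line writes the raw, user-supplied `username` into the log, so a value containing newlines or control characters can forge or split log entries; quoting it, `log_error(f'Non-whitelisted login attempt by {username!r}')`, keeps each attempt on one unambiguous line. For triage it is also worth recording where the attempt came from, e.g. appending ` from {request.remote_addr}`, assuming `request` is in scope here as the lines removed in the first hunk suggest. `log_error` looks like a project logging helper; an expected authorisation denial may fit a warning level better if the helper family offers one. `login()` starts and ends outside the hunk.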