From 7fd849a720df54fa7d4737c74dff3b31d4463024 Mon Sep 17 00:00:00 2001
From: Ramon Bartl
Date: Fri, 13 Apr 2018 23:10:25 +0200
Subject: [PATCH 1/2] Improved is_uid api function
---
 bika/lims/api/__init__.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/bika/lims/api/__init__.py b/bika/lims/api/__init__.py
index e1f51833af..84d56ddec6 100644
--- a/bika/lims/api/__init__.py
+++ b/bika/lims/api/__init__.py
@@ -5,6 +5,8 @@
 # Copyright 2018 by it's authors.
 # Some rights reserved. See LICENSE.rst, CONTRIBUTORS.rst.
+import re
+
 from Acquisition import aq_base
 from AccessControl.PermissionRole import rolesForPermissionOn
@@ -67,6 +69,8 @@
 _marker = object()
+UID_RX = re.compile("[a-z0-9]{32}$")
+
 class BikaLIMSError(Exception):
     """Base exception class for bika.lims errors."""
@@ -1161,6 +1165,8 @@ def is_uid(uid, validate=False):
         return False
     if len(uid) != 32:
         return False
+    if not UID_RX.match(uid):
+        return False
     if not validate:
         return True
From 0e8a025284262b0bdfb337e501c4c749c5623980 Mon Sep 17 00:00:00 2001
From: Ramon Bartl
Date: Fri, 13 Apr 2018 23:13:45 +0200
Subject: [PATCH 2/2] Updated changelog
---
 CHANGES.rst | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGES.rst b/CHANGES.rst
index ec8c4d0180..2c7b062d8f 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -15,6 +15,8 @@ Changelog
 **Fixed**
+- #772 Improved UID check in API
+
 **Security**
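Review bot: The new pattern `UID_RX = re.compile("[a-z0-9]{32}$")` accepts any lowercase letter, while the UIDs this check is meant to validate are presumably 32 hex digits (the form `uuid4().hex` produces), so `[a-f0-9]{32}` would be the tighter character class with no loss for genuine UIDs; confirm against how UIDs are minted in this codebase before narrowing it. Separately, `$` in `re.match` also matches just before a trailing newline, so the pattern on its own would accept a 33-character value ending in `\n`; today the `len(uid) != 32` test that precedes it in the `is_uid` hunk is what rejects that case, so either keep that ordering and note it with `# the length check above also rejects the trailing-newline form that "$" alone would accept`, or anchor with `r"[a-f0-9]{32}\Z"` so the regex is self-sufficient. Using a raw string for the pattern would also match the file's idiom for regexes. The body of `is_uid` starts and ends outside the hunk, so the type guard that produces the first `return False` is not visible here.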