cron - validate filename portion of cron_file param (#19185)

* Validated filename from `cron_file` param, updated docs

Fixes ansible/ansible-modules-core#4795, moved from ansible/ansible-modules-core#5361

* Broke long warning message over multiple lines

See: https://github.com/ansible/ansible/pull/19185#issuecomment-302961152

lib/ansible/modules/system/cron.py

@@ -84,6 +84,8 @@ options:
       - If specified, uses this file instead of an individual user's crontab.
         If this is a relative path, it is interpreted with respect to
         /etc/cron.d. (If it is absolute, it will typically be /etc/crontab).
+        Many linux distros expect (and some require) the filename portion to consist solely
+        of upper- and lower-case letters, digits, underscores, and hyphens.
         To use the C(cron_file) parameter you must specify the C(user) as well.
     required: false
     default: null
@@ -631,6 +633,13 @@ def main():
 
     changed      = False
     res_args     = dict()
+    warnings     = list()
+
+    if cron_file:
+        cron_file_basename = os.path.basename(cron_file)
+        if not re.search(r'^[A-Z0-9_-]+$', cron_file_basename, re.I):
+            warnings.append('Filename portion of cron_file ("%s") should consist' % cron_file_basename
+            + ' solely of upper- and lower-case letters, digits, underscores, and hyphens')
 
     # Ensure all files generated are only writable by the owning user.  Primarily relevant for the cron_file option.
     os.umask(int('022', 8))
@@ -736,6 +745,7 @@ def main():
     res_args = dict(
         jobs = crontab.get_jobnames(),
         envs = crontab.get_envnames(),
+        warnings = warnings,
         changed = changed
     )