diff options
| author |  Clément <clement@selfhost.fr>
| 2017-02-16 18:54:59 +0100 |
|---|---|---|
| committer | Clément <clement@selfhost.fr>
| 2017-02-16 18:54:59 +0100 |
| commit | 4eeae5171b885b6dda392f5dd68d6dd78a0c7858 (patch) | |
| tree | f4aebf0654c44838c54fdbb9ec7117f617008b89 | |
| parent | 8d2b76334cd60356c85810bf4902124105d54ad4 (diff) | |
use function with preg_match to check username
| -rw-r--r-- | app/Controllers/userController.php | 11 | ||||
| -rw-r--r-- | app/Models/Auth.php | 3 | ||||
| -rw-r--r-- | cli/_cli.php | 4 | ||||
| -rwxr-xr-x | cli/create-user.php | 3 | ||||
| -rwxr-xr-x | cli/delete-user.php | 3 | ||||
| -rwxr-xr-x | cli/do-install.php | 3 |
6 files changed, 12 insertions, 15 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 6199ff218..246be1bfe 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -34,6 +34,11 @@ class FreshRSS_user_Controller extends Minz_ActionController { return $passwordHash == '' ? '' : $passwordHash; } + public static function checkUsername($username) { + $match = '/^[a-zA-Z_]{1,38}$/'; + return preg_match($match, $username) === 1; + } + /** * This action displays the user profile page. */ @@ -103,9 +108,8 @@ class FreshRSS_user_Controller extends Minz_ActionController { if (!is_array($userConfig)) { $userConfig = array(); } - $aValid = array('-', '_', '.'); - $ok = ($new_user_name != '') && ctype_alnum(str_replace($aValid, '', $new_user_name)); + $ok = self::checkUsername($new_user_name); if ($ok) { $languages = Minz_Translate::availableLanguages(); @@ -188,8 +192,7 @@ class FreshRSS_user_Controller extends Minz_ActionController { $db = FreshRSS_Context::$system_conf->db; require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php'); - $aValid = array('-', '_', '.'); - $ok = ctype_alnum(str_replace($aValid, '', $username)); + $ok = self::checkUsername($username); if ($ok) { $default_user = FreshRSS_Context::$system_conf->default_user; $ok &= (strcasecmp($username, $default_user) !== 0); //It is forbidden to delete the default user diff --git a/app/Models/Auth.php b/app/Models/Auth.php index e63a24b27..476627e10 100644 --- a/app/Models/Auth.php +++ b/app/Models/Auth.php @@ -182,8 +182,7 @@ class FreshRSS_Auth { class FreshRSS_FormAuth { public static function checkCredentials($username, $hash, $nonce, $challenge) { - $aValid = array('-', '_', '.'); - if (!ctype_alnum(str_replace($aValid, '', $username)) || + if (!FreshRSS_user_Controller::checkUsername($username) || !ctype_graph($challenge) || !ctype_alnum($nonce)) { Minz_Log::debug('Invalid credential parameters:' . diff --git a/cli/_cli.php b/cli/_cli.php index 885199659..f5e36eabc 100644 --- a/cli/_cli.php +++ b/cli/_cli.php @@ -20,9 +20,7 @@ function fail($message) { } function cliInitUser($username) { - $aValid = array('-', '_', '.'); - - if (!ctype_alnum(str_replace($aValid, '', $username))) { + if (!FreshRSS_user_Controller::checkUsername($username)) { fail('FreshRSS error: invalid username: ' . $username . "\n"); } diff --git a/cli/create-user.php b/cli/create-user.php index e5b4493e3..c9e350c14 100755 --- a/cli/create-user.php +++ b/cli/create-user.php @@ -16,9 +16,8 @@ if (empty($options['user'])) { fail('Usage: ' . basename(__FILE__) . " --user username ( --password 'password' --api-password 'api_password'" . " --language en --email user@example.net --token 'longRandomString --no-default-feeds' )"); } -$aValid = array('-', '_', '.'); $username = $options['user']; -if (!ctype_alnum(str_replace($aValid, '', $username))) { +if (!FreshRSS_user_Controller::checkUsername($username)) { fail('FreshRSS error: invalid username “' . $username . '”'); } diff --git a/cli/delete-user.php b/cli/delete-user.php index 82605fb27..baa81b893 100755 --- a/cli/delete-user.php +++ b/cli/delete-user.php @@ -9,9 +9,8 @@ $options = getopt('', array( if (empty($options['user'])) { fail('Usage: ' . basename(__FILE__) . " --user username"); } -$aValid = array('-', '_', '.'); $username = $options['user']; -if (!ctype_alnum(str_replace($aValid, '', $username))) { +if (!FreshRSS_user_Controller::checkUsername($username)) { fail('FreshRSS error: invalid username “' . $username . '”'); } diff --git a/cli/do-install.php b/cli/do-install.php index eb46c7e93..064a64ab2 100755 --- a/cli/do-install.php +++ b/cli/do-install.php @@ -47,8 +47,7 @@ if ($requirements['all'] !== 'ok') { fail($message); } -$aValid = array('-', '_', '.'); -if (!ctype_alnum(str_replace($aValid, '', $options['default_user']))) { +if (!FreshRSS_user_Controller::checkUsername($options['default_user'])) { fail('FreshRSS invalid default username (must be ASCII alphanumeric): ' . $options['default_user']); } |