Merge pull request #1423 from plopoyop/feature/username-in-cli

[WIP] Feature/username in cli

1 files changed, 12 insertions, 2 deletions

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 9d6ae18e6..593e24cf2 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -35,6 +35,16 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 	}
 
 	/**
+	 * The username is also used as folder name, file name, and part of SQL table name.
+	 * '_' is a reserved internal username.
+	 */
+	const USERNAME_PATTERN = '[0-9a-zA-Z]|[0-9a-zA-Z_]{2,38}';
+
+	public static function checkUsername($username) {
+		return preg_match('/^' . self::USERNAME_PATTERN . '$/', $username) === 1;
+	}
+
+	/**
 	 * This action displays the user profile page.
 	 */
 	public function profileAction() {
@@ -104,7 +114,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 			$userConfig = array();
 		}
 
-		$ok = ($new_user_name != '') && ctype_alnum($new_user_name);
+		$ok = self::checkUsername($new_user_name);
 
 		if ($ok) {
 			$languages = Minz_Translate::availableLanguages();
@@ -187,7 +197,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		$db = FreshRSS_Context::$system_conf->db;
 		require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
 
-		$ok = ctype_alnum($username);
+		$ok = self::checkUsername($username);
 		if ($ok) {
 			$default_user = FreshRSS_Context::$system_conf->default_user;
 			$ok &= (strcasecmp($username, $default_user) !== 0);	//It is forbidden to delete the default user