Missing checkUsername and const patten

https://github.com/FreshRSS/FreshRSS/pull/1423 https://github.com/YunoHost-Apps/freshrss_ynh/issues/27#issuecomment-279792363
author: Alexandre Alapetite <alexandre@alapetite.fr> 2017-02-25 12:39:08 +0100
committer: Alexandre Alapetite <alexandre@alapetite.fr> 2017-02-25 12:39:08 +0100
commit: 271a1fdc8900a8b2c32675c22dce1cc458209de4 (patch)
tree: 10f4e575e3d907b637f60128d270ac9a7576ce46 /app/Controllers/userController.php
parent: 2e871a0adf131f53dcf345ad2dda73bdf7c1a2c9 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 718207734..13a6fce67 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -34,9 +34,14 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		return $passwordHash == '' ? '' : $passwordHash;
 	}
 
+	/**
+	 * The username is also used as folder name, and part of SQL table name.
+	 * '_' is a reserved internal username.
+	 */
+	const USERNAME_PATTERN = '[0-9a-zA-Z]|[0-9a-zA-Z_]{2,38}';
+
 	public static function checkUsername($username) {
-		$match = '/^[0-9a-zA-Z_]{1,38}$/';
-		return preg_match($match, $username) === 1;
+		return preg_match('/^' . self::USERNAME_PATTERN . '$/', $username) === 1;
 	}
 
 	/**
author	Alexandre Alapetite <alexandre@alapetite.fr>	2017-02-25 12:39:08 +0100
committer	Alexandre Alapetite <alexandre@alapetite.fr>	2017-02-25 12:39:08 +0100
commit	271a1fdc8900a8b2c32675c22dce1cc458209de4 (patch)
tree	10f4e575e3d907b637f60128d270ac9a7576ce46 /app/Controllers/userController.php
parent	2e871a0adf131f53dcf345ad2dda73bdf7c1a2c9 (diff)