diff options
| author |  Clément <clement@selfhost.fr>
| 2017-02-16 14:27:45 +0100 |
|---|---|---|
| committer | Clément <clement@selfhost.fr>
| 2017-02-16 14:27:45 +0100 |
| commit | 8d2b76334cd60356c85810bf4902124105d54ad4 (patch) | |
| tree | a303e6f209fd716972ca3421c4b817beec0cabfc /app/Models/Auth.php | |
| parent | 08857c679d700b982a1af21ce11c4b25e125e44a (diff) | |
Possibility to register user having a '-', a '_' or a '.' in username
Diffstat (limited to 'app/Models/Auth.php')
| -rw-r--r-- | app/Models/Auth.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/app/Models/Auth.php b/app/Models/Auth.php index b3255cfbd..e63a24b27 100644 --- a/app/Models/Auth.php +++ b/app/Models/Auth.php @@ -182,7 +182,8 @@ class FreshRSS_Auth { class FreshRSS_FormAuth { public static function checkCredentials($username, $hash, $nonce, $challenge) { - if (!ctype_alnum($username) || + $aValid = array('-', '_', '.'); + if (!ctype_alnum(str_replace($aValid, '', $username)) || !ctype_graph($challenge) || !ctype_alnum($nonce)) { Minz_Log::debug('Invalid credential parameters:' . @@ -211,7 +212,7 @@ class FreshRSS_FormAuth { // Token has expired (> 1 month) or does not exist. // TODO: 1 month -> use a configuration instead @unlink($token_file); - return array(); + return array(); } $credentials = @file_get_contents($token_file); |