diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2017-02-25 13:08:45 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2017-02-25 13:08:45 +0100 |
| commit | fb6bb8e826a29c1f94a705ea39ecc052ff59b99f (patch) | |
| tree | 08643f3a2901fc38aaa0841cebd35fc714842f49 /app/Models | |
| parent | b8ac2b1d8ab47642018bd3f0fe6863b69a2743d6 (diff) | |
| parent | 0bd4b2c74204a2f9360816ab22aac0da4c459824 (diff) | |
Merge pull request #1423 from plopoyop/feature/username-in-cli
[WIP] Feature/username in cli
Diffstat (limited to 'app/Models')
| -rw-r--r-- | app/Models/Auth.php | 4 | ||||
| -rw-r--r-- | app/Models/Feed.php | 2 | ||||
| -rw-r--r-- | app/Models/UserDAO.php | 2 |
3 files changed, 4 insertions, 4 deletions
diff --git a/app/Models/Auth.php b/app/Models/Auth.php index b3255cfbd..476627e10 100644 --- a/app/Models/Auth.php +++ b/app/Models/Auth.php @@ -182,7 +182,7 @@ class FreshRSS_Auth { class FreshRSS_FormAuth { public static function checkCredentials($username, $hash, $nonce, $challenge) { - if (!ctype_alnum($username) || + if (!FreshRSS_user_Controller::checkUsername($username) || !ctype_graph($challenge) || !ctype_alnum($nonce)) { Minz_Log::debug('Invalid credential parameters:' . @@ -211,7 +211,7 @@ class FreshRSS_FormAuth { // Token has expired (> 1 month) or does not exist. // TODO: 1 month -> use a configuration instead @unlink($token_file); - return array(); + return array(); } $credentials = @file_get_contents($token_file); diff --git a/app/Models/Feed.php b/app/Models/Feed.php index 97cb1c47e..7a9cf8612 100644 --- a/app/Models/Feed.php +++ b/app/Models/Feed.php @@ -442,7 +442,7 @@ class FreshRSS_Feed extends Minz_Model { file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . $text . "\n", FILE_APPEND); } $currentUser = Minz_Session::param('currentUser'); - if (ctype_alnum($currentUser) && !file_exists($path . '/' . $currentUser . '.txt')) { + if (FreshRSS_user_Controller::checkUsername($currentUser) && !file_exists($path . '/' . $currentUser . '.txt')) { touch($path . '/' . $currentUser . '.txt'); } } diff --git a/app/Models/UserDAO.php b/app/Models/UserDAO.php index 32bc6de2f..a60caf395 100644 --- a/app/Models/UserDAO.php +++ b/app/Models/UserDAO.php @@ -85,7 +85,7 @@ class FreshRSS_UserDAO extends Minz_ModelPdo { } public static function touch($username = '') { - if (($username == '') || (!ctype_alnum($username))) { + if (!FreshRSS_user_Controller::checkUsername($username)) { $username = Minz_Session::param('currentUser', '_'); } return touch(join_path(DATA_PATH , 'users', $username, 'config.php')); |