summaryrefslogtreecommitdiff
path: root/app/Controllers/userController.php
diff options
context:
space:
mode:
Diffstat (limited to 'app/Controllers/userController.php')
-rw-r--r--app/Controllers/userController.php9
1 files changed, 7 insertions, 2 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 9d6ae18e6..718207734 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -34,6 +34,11 @@ class FreshRSS_user_Controller extends Minz_ActionController {
return $passwordHash == '' ? '' : $passwordHash;
}
+ public static function checkUsername($username) {
+ $match = '/^[0-9a-zA-Z_]{1,38}$/';
+ return preg_match($match, $username) === 1;
+ }
+
/**
* This action displays the user profile page.
*/
@@ -104,7 +109,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
$userConfig = array();
}
- $ok = ($new_user_name != '') && ctype_alnum($new_user_name);
+ $ok = self::checkUsername($new_user_name);
if ($ok) {
$languages = Minz_Translate::availableLanguages();
@@ -187,7 +192,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
$db = FreshRSS_Context::$system_conf->db;
require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
- $ok = ctype_alnum($username);
+ $ok = self::checkUsername($username);
if ($ok) {
$default_user = FreshRSS_Context::$system_conf->default_user;
$ok &= (strcasecmp($username, $default_user) !== 0); //It is forbidden to delete the default user
generated by cgit v1.2.3 (git 2.39.1) at 2026-04-26 21:18:25 +0000