From 271a1fdc8900a8b2c32675c22dce1cc458209de4 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sat, 25 Feb 2017 12:39:08 +0100
Subject: Missing checkUsername and const patten

https://github.com/FreshRSS/FreshRSS/pull/1423

https://github.com/YunoHost-Apps/freshrss_ynh/issues/27#issuecomment-279792363
---
 app/Controllers/userController.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'app/Controllers/userController.php')

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 718207734..13a6fce67 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -34,9 +34,14 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		return $passwordHash == '' ? '' : $passwordHash;
 	}
 
+	/**
+	 * The username is also used as folder name, and part of SQL table name.
+	 * '_' is a reserved internal username.
+	 */
+	const USERNAME_PATTERN = '[0-9a-zA-Z]|[0-9a-zA-Z_]{2,38}';
+
 	public static function checkUsername($username) {
-		$match = '/^[0-9a-zA-Z_]{1,38}$/';
-		return preg_match($match, $username) === 1;
+		return preg_match('/^' . self::USERNAME_PATTERN . '$/', $username) === 1;
 	}
 
 	/**
-- 
cgit v1.2.3