From 4eeae5171b885b6dda392f5dd68d6dd78a0c7858 Mon Sep 17 00:00:00 2001 From: Clément Date: Thu, 16 Feb 2017 18:54:59 +0100 Subject: use function with preg_match to check username --- app/Controllers/userController.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'app/Controllers/userController.php') diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 6199ff218..246be1bfe 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -34,6 +34,11 @@ class FreshRSS_user_Controller extends Minz_ActionController { return $passwordHash == '' ? '' : $passwordHash; } + public static function checkUsername($username) { + $match = '/^[a-zA-Z_]{1,38}$/'; + return preg_match($match, $username) === 1; + } + /** * This action displays the user profile page. */ @@ -103,9 +108,8 @@ class FreshRSS_user_Controller extends Minz_ActionController { if (!is_array($userConfig)) { $userConfig = array(); } - $aValid = array('-', '_', '.'); - $ok = ($new_user_name != '') && ctype_alnum(str_replace($aValid, '', $new_user_name)); + $ok = self::checkUsername($new_user_name); if ($ok) { $languages = Minz_Translate::availableLanguages(); @@ -188,8 +192,7 @@ class FreshRSS_user_Controller extends Minz_ActionController { $db = FreshRSS_Context::$system_conf->db; require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php'); - $aValid = array('-', '_', '.'); - $ok = ctype_alnum(str_replace($aValid, '', $username)); + $ok = self::checkUsername($username); if ($ok) { $default_user = FreshRSS_Context::$system_conf->default_user; $ok &= (strcasecmp($username, $default_user) !== 0); //It is forbidden to delete the default user -- cgit v1.2.3