We are no longer offering accounts on this server. Consider https://gitlab.freedesktop.org/ as a place to host projects.

Commit d758c117 authored by Evan Prodromou's avatar Evan Prodromou

disallow nicknames on a blacklist

darcs-hash:20080622180437-34904-4b6313f6fd8845232031663c5c2df00dff725183.gz
parent a69dbe7c
......@@ -167,6 +167,11 @@ class FinishopenidloginAction extends Action {
$this->show_form(_t('Nickname must have only letters and numbers and no spaces.'));
return;
}
if (!User::allowed_nickname($nickname)) {
$this->show_form(_t('Nickname not allowed.'));
return;
}
if (User::staticGet('nickname', $nickname)) {
$this->show_form(_t('Nickname already in use. Try another one.'));
......@@ -338,6 +343,9 @@ class FinishopenidloginAction extends Action {
'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
return false;
}
if (!User::allowed_nickname($str)) {
return false;
}
if (User::staticGet('nickname', $str)) {
return false;
}
......
......@@ -88,6 +88,8 @@ class ProfilesettingsAction extends SettingsAction {
'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
$this->show_form(_t('Nickname must have only letters and numbers and no spaces.'));
return;
} else if (!User::allowed_nickname($nickname)) {
$this->show_form(_t('Not a valid nickname.'));
} else if (!is_null($homepage) && (strlen($homepage) > 0) &&
!Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) {
$this->show_form(_t('Homepage is not a valid URL.'));
......
......@@ -57,6 +57,8 @@ class RegisterAction extends Action {
$this->show_form(_t('Nickname must have only lowercase letters and numbers and no spaces.'));
} else if ($this->nickname_exists($nickname)) {
$this->show_form(_t('Nickname already exists.'));
} else if (!User::allowed_nickname($nickname)) {
$this->show_form(_t('Not a valid nickname.'));
} else if ($this->email_exists($email)) {
$this->show_form(_t('Email address already exists.'));
} else if ($password != $confirm) {
......
......@@ -83,4 +83,12 @@ class User extends DB_DataObject
' WHERE id = ' . $this->id;
return $this->query($qry);
}
function allowed_nickname($nickname) {
# XXX: should already be validated for size, content, etc.
static $blacklist = array('rss', 'xrds', 'doc', 'main',
'settings', 'notice', 'user');
$merged = array_merge($blacklist, common_config('nickname', 'blacklist'));
return !in_array($nickname, $merged);
}
}
......@@ -33,3 +33,6 @@ $config['db']['database'] = 'mysql://laconica:microblog@localhost/laconica';
#session_set_cookie_params(0, '/'. $config['site']['path'] .'/');
#Standard fancy-url clashes prevented by not allowing nicknames on a blacklist
#Add your own here. Note: empty array by default
#$config['nickname']['blacklist'][] = 'scobleizer';
......@@ -54,7 +54,9 @@ $config =
'image' => 'http://i.creativecommons.org/l/by/3.0/88x31.png'),
'mail' =>
array('backend' => 'mail',
'params' => NULL)
'params' => NULL),
'nickname' =>
array('blacklist' => array())
);
$config['db'] = &PEAR::getStaticProperty('DB_DataObject','options');
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment