Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gnu-social
Project overview
Project overview
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
194
Issues
194
List
Boards
Labels
Milestones
Merge Requests
12
Merge Requests
12
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
gnu.io
gnu-social
Commits
38a69b55
Commit
38a69b55
authored
Oct 16, 2013
by
mmn
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Better checks during User::register and improved Nickname checks
parent
080352b6
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
123 additions
and
55 deletions
+123
-55
classes/User.php
classes/User.php
+11
-42
lib/nickname.php
lib/nickname.php
+112
-13
No files found.
classes/User.php
View file @
38a69b55
...
...
@@ -177,38 +177,6 @@ class User extends Managed_DataObject
return
$result
;
}
/**
* Check whether the given nickname is potentially usable, or if it's
* excluded by any blacklists on this system.
*
* WARNING: INPUT IS NOT VALIDATED OR NORMALIZED. NON-NORMALIZED INPUT
* OR INVALID INPUT MAY LEAD TO FALSE RESULTS.
*
* @param string $nickname
* @return boolean true if clear, false if blacklisted
*/
static
function
allowed_nickname
(
$nickname
)
{
// XXX: should already be validated for size, content, etc.
$blacklist
=
common_config
(
'nickname'
,
'blacklist'
);
//all directory and file names should be blacklisted
$d
=
dir
(
INSTALLDIR
);
while
(
false
!==
(
$entry
=
$d
->
read
()))
{
$blacklist
[]
=
$entry
;
}
$d
->
close
();
//all top level names in the router should be blacklisted
$router
=
Router
::
get
();
foreach
(
array_keys
(
$router
->
m
->
getPaths
())
as
$path
){
if
(
preg_match
(
'/^\/(.*?)[\/\?]/'
,
$path
,
$matches
)){
$blacklist
[]
=
$matches
[
1
];
}
}
return
!
in_array
(
$nickname
,
$blacklist
);
}
/**
* Get the most recent notice posted by this user, if any.
*
...
...
@@ -258,19 +226,18 @@ class User extends Managed_DataObject
$profile
=
new
Profile
();
if
(
!
empty
(
$email
))
{
if
(
!
empty
(
$email
))
{
$email
=
common_canonical_email
(
$email
);
}
$nickname
=
common_canonical_nickname
(
$nickname
);
$profile
->
nickname
=
$nickname
;
if
(
!
User
::
allowed_nickname
(
$nickname
)){
common_log
(
LOG_WARNING
,
sprintf
(
"Attempted to register a nickname that is not allowed: %s"
,
$profile
->
nickname
),
__FILE__
);
try
{
$profile
->
nickname
=
Nickname
::
normalize
(
$nickname
,
true
);
}
catch
(
NicknameException
$e
)
{
common_log
(
LOG_WARNING
,
sprintf
(
'Bad nickname during User registration for %s: %s'
,
$profile
->
nickname
,
$e
->
getMessage
()),
__FILE__
);
return
false
;
}
$profile
->
profileurl
=
common_profile_url
(
$nickname
);
$profile
->
profileurl
=
common_profile_url
(
$profile
->
nickname
);
if
(
!
empty
(
$fullname
))
{
$profile
->
fullname
=
$fullname
;
...
...
@@ -298,7 +265,7 @@ class User extends Managed_DataObject
$user
=
new
User
();
$user
->
nickname
=
$nickname
;
$user
->
nickname
=
$
profile
->
nickname
;
$invite
=
null
;
...
...
@@ -338,7 +305,6 @@ class User extends Managed_DataObject
$profile
->
query
(
'BEGIN'
);
$id
=
$profile
->
insert
();
if
(
empty
(
$id
))
{
common_log_db_error
(
$profile
,
'INSERT'
,
__FILE__
);
return
false
;
...
...
@@ -360,6 +326,7 @@ class User extends Managed_DataObject
if
(
!
$result
)
{
common_log_db_error
(
$user
,
'INSERT'
,
__FILE__
);
$profile
->
query
(
'ROLLBACK'
);
return
false
;
}
...
...
@@ -388,6 +355,7 @@ class User extends Managed_DataObject
if
(
!
$result
)
{
common_log_db_error
(
$subscription
,
'INSERT'
,
__FILE__
);
$profile
->
query
(
'ROLLBACK'
);
return
false
;
}
...
...
@@ -409,6 +377,7 @@ class User extends Managed_DataObject
if
(
!
$result
)
{
common_log_db_error
(
$confirm
,
'INSERT'
,
__FILE__
);
$profile
->
query
(
'ROLLBACK'
);
return
false
;
}
}
...
...
lib/nickname.php
View file @
38a69b55
...
...
@@ -76,32 +76,39 @@ class Nickname
*
* Note that valid nicknames may be in use or reserved.
*
* @param string $str
* @return boolean
* @param string $str The nickname string to test
* @param boolean $checkuse Check if it's in use (return false if it is)
*
* @return boolean True if nickname is valid. False if invalid (or taken if checkuse==true).
*/
public
static
function
isValid
(
$str
)
public
static
function
isValid
(
$str
,
$checkuse
=
false
)
{
try
{
self
::
normalize
(
$str
);
return
true
;
self
::
normalize
(
$str
,
$checkuse
);
}
catch
(
NicknameException
$e
)
{
return
false
;
}
return
true
;
}
/**
* Validate an input nickname string, and normalize it to its canonical form.
* The canonical form will be returned, or an exception thrown if invalid.
*
* @param string $str
* @param string $str The nickname string to test
* @param boolean $checkuse Check if it's in use (return false if it is)
* @return string Normalized canonical form of $str
*
* @throws NicknameException (base class)
* @throws Nickname
Invali
dException
* @throws Nickname
Blackliste
dException
* @throws NicknameEmptyException
* @throws NicknameInvalidException
* @throws NicknamePathCollisionException
* @throws NicknameTakenException
* @throws NicknameTooLongException
*/
public
static
function
normalize
(
$str
)
public
static
function
normalize
(
$str
,
$checkuse
=
false
)
{
if
(
mb_strlen
(
$str
)
>
self
::
MAX_LEN
)
{
// Display forms must also fit!
...
...
@@ -118,8 +125,16 @@ class Nickname
if
(
!
self
::
isCanonical
(
$str
))
{
throw
new
NicknameInvalidException
();
}
if
(
!
User
::
allowed_nickname
(
$str
))
{
throw
new
NicknameBlacklistException
();
if
(
self
::
isBlacklisted
(
$str
))
{
throw
new
NicknameBlacklistedException
();
}
if
(
self
::
isSystemPath
(
$str
))
{
throw
new
NicknamePathCollisionException
();
}
if
(
$checkuse
&&
$user
=
self
::
isTaken
(
$str
))
{
if
(
$user
instanceof
User
)
{
throw
new
NicknameTakenException
();
}
}
return
$str
;
...
...
@@ -135,6 +150,59 @@ class Nickname
{
return
preg_match
(
'/^(?:'
.
self
::
CANONICAL_FMT
.
')$/'
,
$str
);
}
/**
* Is the given string in our nickname blacklist?
*
* @param string $str
* @return boolean
*/
public
static
function
isBlacklisted
(
$str
)
{
$blacklist
=
common_config
(
'nickname'
,
'blacklist'
);
return
in_array
(
$str
,
$blacklist
);
}
/**
* Is the given string identical to a system path or route?
* This could probably be put in some other class, but at
* at the moment, only Nickname requires this functionality.
*
* @param string $str
* @return boolean
*/
public
static
function
isSystemPath
(
$str
)
{
$paths
=
array
();
// All directory and file names in site root should be blacklisted
$d
=
dir
(
INSTALLDIR
);
while
(
false
!==
(
$entry
=
$d
->
read
()))
{
$paths
[]
=
$entry
;
}
$d
->
close
();
// All top level names in the router should be blacklisted
$router
=
Router
::
get
();
foreach
(
array_keys
(
$router
->
m
->
getPaths
())
as
$path
)
{
if
(
preg_match
(
'/^\/(.*?)[\/\?]/'
,
$path
,
$matches
))
{
$paths
[]
=
$matches
[
1
];
}
}
return
in_array
(
$str
,
$paths
);
}
/**
* Is the nickname already in use locally? Checks the User table.
*
* @param string $str
* @return User|null Returns null if no such user, otherwise a User object
*/
public
static
function
isTaken
(
$str
)
{
$user
=
User
::
getKV
(
'nickname'
,
$str
);
return
$user
;
// null if no such User entry
}
}
class
NicknameException
extends
ClientException
...
...
@@ -169,7 +237,7 @@ class NicknameInvalidException extends NicknameException {
}
}
class
NicknameEmptyException
extends
NicknameException
class
NicknameEmptyException
extends
Nickname
Invalid
Exception
{
/**
* Default localized message for this type of exception.
...
...
@@ -198,11 +266,42 @@ class NicknameTooLongException extends NicknameInvalidException
}
}
class
NicknameBlacklistException
extends
NicknameInvalidException
class
NicknameBlacklistedException
extends
NicknameException
{
protected
function
defaultMessage
()
{
// TRANS: Validation error in form for registration, profile and group settings, etc.
return
_
(
'Nickname is disallowed through blacklist.'
);
}
}
class
NicknamePathCollisionException
extends
NicknameException
{
protected
function
defaultMessage
()
{
// TRANS: Validation error in form for registration, profile and group settings, etc.
return
_
(
'Nickname is identical to system path names.'
);
}
}
class
NicknameTakenException
extends
NicknameException
{
public
$user
=
null
;
// the User which occupies the nickname
public
function
__construct
(
User
$user
,
$msg
=
null
,
$code
=
400
)
{
$this
->
byuser
=
$user
;
if
(
$msg
===
null
)
{
$msg
=
$this
->
defaultMessage
();
}
parent
::
__construct
(
$msg
,
$code
);
}
protected
function
defaultMessage
()
{
// TRANS: Validation error in form for registration, profile and group settings, etc.
return
_
(
'Nickname is
disallowed through blacklist or system path list
.'
);
return
_
(
'Nickname is
already in use on this server
.'
);
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment