author | ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-02-19 17:15:45 +0000 |
---|---|---|
committer | ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-02-19 17:15:45 +0000 |
commit | 5e8f59e1913f7912e27785be275243604b036f34 (patch) | |
tree | 4961c7594321ed302d6bd9e4708fde8c6e6a46ee /mod | |
parent | 1c4a209cce54ae7af318453d072e7742b629949c (diff) | |
Better unicode patching for icons. Fixes #789
git-svn-id: https://code.elgg.org/elgg/trunk@2823 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod')
-rw-r--r-- | mod/profile/icondirect.php | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php
index ce2cc4785..ee7f0a5e3 100644
--- a/mod/profile/icondirect.php
+++ b/mod/profile/icondirect.php
@@ -21,7 +21,27 @@ $username = $_GET['username'];
- $username = preg_replace('/[^A-Za-z0-9\_\-]/i','',$username);
+ //$username = preg_replace('/[^A-Za-z0-9\_\-]/i','',$username);
+ $blacklist = '/[' .
+ '\x{0080}-\x{009f}' . # iso-8859-1 control chars
+ '\x{00a0}' . # non-breaking space
+ '\x{2000}-\x{200f}' . # various whitespace
+ '\x{2028}-\x{202f}' . # breaks and control chars
+ '\x{3000}' . # ideographic space
+ '\x{e000}-\x{f8ff}' . # private use
+ ']/u';
+ if (
+ preg_match($blacklist, $username) ||
+
+ (strpos($username, '/')!==false) ||
+ (strpos($username, '\\')!==false) ||
+ (strpos($username, '"')!==false) ||
+ (strpos($username, '\'')!==false) ||
+ (strpos($username, '*')!==false) ||
+ (strpos($username, '&')!==false) ||
+ (strpos($username, ' ')!==false)
+ ) exit;
+
$userarray = str_split($username);
$matrix = '';
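Review bot: The `preg_match($blacklist, $username)` test in the new `if` treats an error return as "no match": with the `/u` modifier preg_match returns false when `$username` is not valid UTF-8, so malformed byte sequences skip every Unicode check in the class; compare explicitly with `preg_match($blacklist, $username) !== 0 ||`. The denylist that replaces the old allowlist also lets through `.`, NUL and the ASCII control range, which matters if `$username` goes on to form a filesystem path, as the `str_split`/`$matrix` context lines suggest (the rest of the script is outside the hunk). Adding `'\x{0000}-\x{001f}\x{007f}' .` to the class and exiting when the name is `.` or `..` would restore most of what the removed `preg_replace` guaranteed. The commented-out `preg_replace` line is better deleted than kept, since version control already holds it.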
|