From 88f1e8307f9a83b506ecae2e013125389310fed6 Mon Sep 17 00:00:00 2001
From: Jerome Bakker <jeabakker@coldtrick.com>
Date: Wed, 18 Apr 2012 15:19:34 +0200
Subject: fixes #4406: validate username for max chars

---
 engine/lib/users.php | 6 ++++++
 languages/en.php     | 1 +
 2 files changed, 7 insertions(+)

diff --git a/engine/lib/users.php b/engine/lib/users.php
index f1d42e25e..79a054938 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -810,6 +810,12 @@ function validate_username($username) {
 		$msg = elgg_echo('registration:usernametooshort', array($CONFIG->minusername));
 		throw new RegistrationException($msg);
 	}
+	
+	// username in the database has a limit of 128 characters
+	if (strlen($username) > 128) {
+		$msg = elgg_echo('registration:usernametoolong', array(128));
+		throw new RegistrationException($msg);
+	}
 
 	// Blacklist for bad characters (partially nicked from mediawiki)
 	$blacklist = '/[' .
diff --git a/languages/en.php b/languages/en.php
index 14df3db34..25edfa149 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -503,6 +503,7 @@ $english = array(
 	'registration:notemail' => 'The email address you provided does not appear to be a valid email address.',
 	'registration:userexists' => 'That username already exists',
 	'registration:usernametooshort' => 'Your username must be a minimum of %u characters long.',
+	'registration:usernametoolong' => 'Your username is too long it can have a maximum of %u characters.',
 	'registration:passwordtooshort' => 'The password must be a minimum of %u characters long.',
 	'registration:dupeemail' => 'This email address has already been registered.',
 	'registration:invalidchars' => 'Sorry, your username contains the character %s which is invalid. The following characters are invalid: %s',
-- 
cgit v1.2.3