From d27adda39ec2b13f0a6bcdbb6d47f8c1d22effc4 Mon Sep 17 00:00:00 2001 From: marcus Date: Thu, 11 Jun 2009 18:39:02 +0000 Subject: Block URL unsafe characters from username git-svn-id: https://code.elgg.org/elgg/trunk@3327 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/users.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'engine') diff --git a/engine/lib/users.php b/engine/lib/users.php index 6b16e5e69..85056269b 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -1149,7 +1149,10 @@ (strpos($username, '\'')!==false) || (strpos($username, '*')!==false) || (strpos($username, '&')!==false) || - (strpos($username, ' ')!==false) + (strpos($username, ' ')!==false) || + (strpos($username, '?')!==false) || + (strpos($username, '#')!==false) || + (strpos($username, '%')!==false) ) throw new RegistrationException(elgg_echo('registration:invalidchars')); -- cgit v1.2.3