path: root/lib/group_alias.php
blob: eb421e49eb313c1cdac52ac386d179a65d301959 (plain)
<?php
/**
 * GroupAlias -- Shared Library
 *
 * @package        Lorea
 * @subpackage     GroupAlias
 *
 * Copyright 2011-2013 Lorea Faeries <federation@lorea.org>
 *
 * This file is part of the GroupAlias plugin for Elgg.
 *
 * GroupAlias is free software: you can redistribute it and/or
 * modify it under the terms of the GNU Affero General Public License
 * as published by the Free Software Foundation, either version 3 of
 * the License, or (at your option) any later version.
 *
 * GroupAlias is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this program. If not, see
 * <http://www.gnu.org/licenses/>.
 */

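/**
 * Validate a group alias: length limits first, then two character blacklists.
 *
 * This should only permit chars that are valid on the file system as well.
 *
 * The alias is rejected when it is shorter than the configured minimum,
 * longer than 128 bytes, is not valid UTF-8, or contains any blacklisted
 * character. If every check passes, the decision is handed to the
 * 'group_alias:validate' plugin hook with true as the starting value.
 *
 * NOTE(review): ASCII control characters (0x00-0x1f, 0x7f) and '.' are not
 * covered by either blacklist below. If the alias ever ends up in a file
 * system path, confirm they are rejected elsewhere.
 *
 * @param string $alias Group alias
 *
 * @return bool Result of the 'group_alias:validate' plugin hook (seeded with true)
 * @throws RegistrationException on invalid
 */
function group_alias_validate($alias) {

	// Basic, check length. strlen() counts bytes, so multibyte aliases reach
	// both limits sooner than their visible character count suggests.
	// NOTE(review): the second argument is presumably meant as a default of 4;
	// confirm against this Elgg version's elgg_get_config() signature.
	$min_length = elgg_get_config('minusername', 4);
	$alias_length = strlen($alias);
	if ($alias_length < $min_length) {
		$msg = elgg_echo('groups:alias:registration:usernametooshort', array($min_length));
		throw new RegistrationException($msg);
	}

	// username in the database has a limit of 128 characters
	if ($alias_length > 128) {
		$msg = elgg_echo('groups:alias:registration:usernametoolong', array(128));
		throw new RegistrationException($msg);
	}

	// Blacklist for bad characters (partially nicked from mediawiki)
	$blacklist = '/[' .
		'\x{0080}-\x{009f}' . // iso-8859-1 control chars
		'\x{00a0}' .          // non-breaking space
		'\x{2000}-\x{200f}' . // various whitespace
		'\x{2028}-\x{202f}' . // breaks and control chars
		'\x{3000}' .          // ideographic space
		'\x{e000}-\x{f8ff}' . // private use
		']/u';

	// With the /u modifier preg_match() returns false, not 0, when $alias is
	// not valid UTF-8. Only an explicit 0 ("no match") may pass; otherwise a
	// malformed byte sequence would skip this check entirely (fail closed).
	if (preg_match($blacklist, $alias) !== 0) {
		throw new RegistrationException(elgg_echo('groups:alias:registration:invalidctrlchars'));
	}

	// Belts and braces
	// @todo Tidy into main unicode
	//$blacklist2 = '\'/\\"*& ?#%^(){}[]~?<>;|¬`@-+=';
	$blacklist2 = '\'/\\"*& ?#%^(){}[]~?<>;|¬`=';

	// Walk the blacklist character by character, not byte by byte. '¬' is two
	// bytes in UTF-8; testing each byte on its own rejects unrelated characters
	// that merely share one of those bytes, and puts a lone invalid byte into
	// the error message (which htmlentities() then turns into an empty string).
	$bad_chars = preg_split('//u', $blacklist2, -1, PREG_SPLIT_NO_EMPTY);
	if ($bad_chars === false) {
		// This source file is not UTF-8 encoded: fall back to single bytes.
		$bad_chars = str_split($blacklist2);
	}

	foreach ($bad_chars as $bad_char) {
		if (strpos($alias, $bad_char) !== false) {
			$msg = elgg_echo('groups:alias:registration:invalidchars', array($bad_char, $blacklist2));
			// The message echoes the offending character, so escape it for HTML.
			// ENT_COMPAT leaves single quotes unescaped.
			$msg = htmlentities($msg, ENT_COMPAT, 'UTF-8');
			throw new RegistrationException($msg);
		}
	}

	// Built-in checks passed; plugins may still veto through the hook.
	$result = true;
	return elgg_trigger_plugin_hook('group_alias:validate', 'all',
		array('alias' => $alias), $result);
}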