diff options
author | mensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2008-11-14 14:38:55 +0000 |
---|---|---|
committer | mensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2008-11-14 14:38:55 +0000 |
commit | 8bc7ad4383452b2a3872aea3ef7c3eaef675af3b (patch) | |
tree | e53ab979893650a6b50074dbd09f69dd59743cc6 /services/userservice.php | |
parent | 67a13f74ce1b51732a9b3f759ca956bd762b0c0b (diff) | |
download | semanticscuttle-8bc7ad4383452b2a3872aea3ef7c3eaef675af3b.tar.gz semanticscuttle-8bc7ad4383452b2a3872aea3ef7c3eaef675af3b.tar.bz2 |
Bug fix: correct XSS problems (prevent username with non-alphanumeric characters, protect profile page)
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@157 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'services/userservice.php')
-rw-r--r-- | services/userservice.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/services/userservice.php b/services/userservice.php index e50faaa..9b295da 100644 --- a/services/userservice.php +++ b/services/userservice.php @@ -393,8 +393,9 @@ class UserService { if (strlen($username) > 24) { // too long usernames are cut by database and may cause bugs when compared return false; - } else { - return true; + } elseif (preg_match('/(\W)/', $username) > 0) { + // forbidden non-alphanumeric characters + return false; } return true; } |