aboutsummaryrefslogtreecommitdiff
path: root/services
diff options
context:
space:
mode:
authormensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f>2008-11-14 14:38:55 +0000
committermensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f>2008-11-14 14:38:55 +0000
commit8bc7ad4383452b2a3872aea3ef7c3eaef675af3b (patch)
treee53ab979893650a6b50074dbd09f69dd59743cc6 /services
parent67a13f74ce1b51732a9b3f759ca956bd762b0c0b (diff)
downloadsemanticscuttle-8bc7ad4383452b2a3872aea3ef7c3eaef675af3b.tar.gz
semanticscuttle-8bc7ad4383452b2a3872aea3ef7c3eaef675af3b.tar.bz2
Bug fix: correct XSS problems (prevent username with non-alphanumeric characters, protect profile page)
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@157 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'services')
-rw-r--r--services/userservice.php5
1 files changed, 3 insertions, 2 deletions
diff --git a/services/userservice.php b/services/userservice.php
index e50faaa..9b295da 100644
--- a/services/userservice.php
+++ b/services/userservice.php
@@ -393,8 +393,9 @@ class UserService {
if (strlen($username) > 24) {
// too long usernames are cut by database and may cause bugs when compared
return false;
- } else {
- return true;
+ } elseif (preg_match('/(\W)/', $username) > 0) {
+ // forbidden non-alphanumeric characters
+ return false;
}
return true;
}