Merge pull request #5846 from BOINC/dpa_username
web: don't allow special chars in user names.
AenBleidd authored Oct 21, 2024
2 parents 478ca1c + 3b1edd1 commit af2bf98
Showing 2 changed files with 6 additions and 5 deletions.
4 changes: 2 additions & 2 deletions html/inc/user_util.inc
Expand Up @@ -86,8 +86,8 @@ function is_valid_user_name($name, &$reason) {
$reason = tra("user name must be nonempty");
return false;
}
if (sanitize_tags($name) !== $name) {
$reason = tra("user name may not contain HTML tags");
if (filter_var($name, FILTER_SANITIZE_SPECIAL_CHARS) !== $name) {
$reason = tra("user name may not contain special characters");
return false;
}
if (is_numeric($name)) {
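Review bot: The set of rejected characters is implicit in the filter constant in the new `filter_var($name, FILTER_SANITIZE_SPECIAL_CHARS) !== $name` check, and neither the code nor the user-facing message says what it is. That filter HTML-encodes `'`, `"`, `<`, `>`, `&` and characters below ASCII 32, so names containing an apostrophe or ampersand are now refused, while non-ASCII characters still pass unchanged. A comment above the check would make this reviewable: `// Rejects ' " < > & and control characters (ASCII < 32); non-ASCII input is not affected.` The check only gates names written through is_valid_user_name(), so names stored before this change still need HTML escaping wherever they are displayed. The function starts and ends outside the hunk.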
7 changes: 4 additions & 3 deletions html/user/edit_user_info_action.php
Expand Up @@ -19,16 +19,17 @@
require_once("../inc/boinc_db.inc");
require_once("../inc/user.inc");
require_once("../inc/util.inc");
require_once("../inc/user_util.inc");
require_once("../inc/countries.inc");

check_get_args(array("tnow", "ttok"));

$user = get_logged_in_user();
check_tokens($user->authenticator);

$name = trim(post_str("user_name"));
if ($name != sanitize_tags($name)) {
error_page(tra("HTML tags are not allowed in your name."));
$name = post_str("user_name");
if (!is_valid_user_name($name, $reason)) {
error_page($reason);
}
if (strlen($name) == 0) {
error_page(tra("You must supply a name for your account."));
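Review bot: Dropping `trim()` in the new `$name = post_str("user_name");` line means a name with leading or trailing whitespace now reaches is_valid_user_name() as typed, where the old code normalised it first. The part of is_valid_user_name() visible in this commit shows no whitespace check, so unless the lines above that hunk reject it, padded names that render identically to an existing user's name could be stored; keeping `$name = trim(post_str("user_name"));` preserves the earlier behaviour. The `strlen($name) == 0` test that follows also looks redundant now, since the validator already returns "user name must be nonempty". The script continues past the end of the hunk.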
