Revert "Blacklist all files and directories in the web root (INSTALLDIR). Much more elegant than manually keep tracking of these invalid usernames."
This reverts commit 15f9c80c28
.
So, so, elegant! And so, so, incorrect!
We can't have a user named 'notice' because that would interfere with
URLs like /notice/1234. However, there is no file named 'notice' in
the Web root.
If there were a way to automatically pull out the virtual paths in the
root dir, this may make sense. Until then, we keep track here.
This commit is contained in:
parent
659da177ea
commit
6664528244
|
@ -120,15 +120,11 @@ class User extends Memcached_DataObject
|
|||
function allowed_nickname($nickname)
|
||||
{
|
||||
// XXX: should already be validated for size, content, etc.
|
||||
|
||||
$blacklist = array();
|
||||
|
||||
//all directory and file names should be blacklisted
|
||||
$d = dir(INSTALLDIR);
|
||||
while (false !== ($entry = $d->read())) {
|
||||
$blacklist[]=$entry;
|
||||
}
|
||||
$d->close();
|
||||
static $blacklist = array('rss', 'xrds', 'doc', 'main',
|
||||
'settings', 'notice', 'user',
|
||||
'search', 'avatar', 'tag', 'tags',
|
||||
'api', 'message', 'group', 'groups',
|
||||
'local');
|
||||
$merged = array_merge($blacklist, common_config('nickname', 'blacklist'));
|
||||
return !in_array($nickname, $merged);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user