wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[SECURITY] Remove aggressive normalization of nicknames. This will be moved to a plugin in the future and we'll open an RFC, as discussed

Browse Source
This commit is contained in:
Hugo Sales 2021-07-26 17:12:15 +00:00
parent 4ec9b910c2
commit cb7fa0a081
No known key found for this signature in database
GPG Key ID: 7D0C7EAFC9D835A0
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Security/Authenticator.php
View File

@ -90,7 +90,8 @@ class Authenticator extends AbstractFormLoginAuthenticator
throw new InvalidCsrfTokenException();
}
$nick = Nickname::normalize($credentials['nickname']);
// $nick = Nickname::normalize($credentials['nickname']);
$nick = $credentials['nickname'];
$user = null;
try {
$user = DB::findOneBy('local_user', ['or' => ['nickname' => $nick, 'outgoing_email' => $nick]]);

6
src/Util/Nickname.php
View File

@ -144,9 +144,9 @@ class Nickname
}
$nickname = trim($nickname);
$nickname = str_replace('_', '', $nickname);
$nickname = mb_strtolower($nickname);
$nickname = Normalizer::normalize($nickname, Normalizer::FORM_C);
// $nickname = str_replace('_', '', $nickname);
// $nickname = mb_strtolower($nickname);
// $nickname = Normalizer::normalize($nickname, Normalizer::FORM_C);
if (!$checking_reserved) {
if (mb_strlen($nickname) < 1) {