disallow nicknames on a blacklist
darcs-hash:20080622180437-34904-4b6313f6fd8845232031663c5c2df00dff725183.gz
parent
a69dbe7cd5
commit
d758c11784
|
@ -167,6 +167,11 @@ class FinishopenidloginAction extends Action {
|
||||||
$this->show_form(_t('Nickname must have only letters and numbers and no spaces.'));
|
$this->show_form(_t('Nickname must have only letters and numbers and no spaces.'));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!User::allowed_nickname($nickname)) {
|
||||||
|
$this->show_form(_t('Nickname not allowed.'));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (User::staticGet('nickname', $nickname)) {
|
if (User::staticGet('nickname', $nickname)) {
|
||||||
$this->show_form(_t('Nickname already in use. Try another one.'));
|
$this->show_form(_t('Nickname already in use. Try another one.'));
|
||||||
|
@ -338,6 +343,9 @@ class FinishopenidloginAction extends Action {
|
||||||
'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
|
'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
if (!User::allowed_nickname($str)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
if (User::staticGet('nickname', $str)) {
|
if (User::staticGet('nickname', $str)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
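Review bot: The rejection text in the first hunk is `_t('Nickname not allowed.')`, while the same `User::allowed_nickname()` failure in ProfilesettingsAction and RegisterAction is reported as `_t('Not a valid nickname.')`. Using one string for the one condition keeps the translation catalogue and the user-facing behaviour consistent. In the second hunk the helper now returns false for a reserved `$str` with no explanation; a one-line comment such as `# reserved names would clash with site URLs` above the new check would document why. Both enclosing functions start and end outside the hunks.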
|
||||||
|
|
|
@ -88,6 +88,8 @@ class ProfilesettingsAction extends SettingsAction {
|
||||||
'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
|
'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
|
||||||
$this->show_form(_t('Nickname must have only letters and numbers and no spaces.'));
|
$this->show_form(_t('Nickname must have only letters and numbers and no spaces.'));
|
||||||
return;
|
return;
|
||||||
|
} else if (!User::allowed_nickname($nickname)) {
|
||||||
|
$this->show_form(_t('Not a valid nickname.'));
|
||||||
} else if (!is_null($homepage) && (strlen($homepage) > 0) &&
|
} else if (!is_null($homepage) && (strlen($homepage) > 0) &&
|
||||||
!Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) {
|
!Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) {
|
||||||
$this->show_form(_t('Homepage is not a valid URL.'));
|
$this->show_form(_t('Homepage is not a valid URL.'));
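Review bot: The new `else if (!User::allowed_nickname($nickname))` branch calls `show_form()` but has no `return;`, unlike the format-check branch directly above it, which returns after showing its error. If the code following this if/else chain (outside the hunk) goes on to save the profile, a blacklisted nickname would get the error message and still be stored, which defeats the check on this path. Add `return;` after `$this->show_form(_t('Not a valid nickname.'));`. The chain continues past the end of the hunk, so confirm the later branches as well.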
|
||||||
|
|
|
@ -57,6 +57,8 @@ class RegisterAction extends Action {
|
||||||
$this->show_form(_t('Nickname must have only lowercase letters and numbers and no spaces.'));
|
$this->show_form(_t('Nickname must have only lowercase letters and numbers and no spaces.'));
|
||||||
} else if ($this->nickname_exists($nickname)) {
|
} else if ($this->nickname_exists($nickname)) {
|
||||||
$this->show_form(_t('Nickname already exists.'));
|
$this->show_form(_t('Nickname already exists.'));
|
||||||
|
} else if (!User::allowed_nickname($nickname)) {
|
||||||
|
$this->show_form(_t('Not a valid nickname.'));
|
||||||
} else if ($this->email_exists($email)) {
|
} else if ($this->email_exists($email)) {
|
||||||
$this->show_form(_t('Email address already exists.'));
|
$this->show_form(_t('Email address already exists.'));
|
||||||
} else if ($password != $confirm) {
|
} else if ($password != $confirm) {
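Review bot: The blacklist test is placed after `$this->nickname_exists($nickname)`, so a reserved name is only rejected once the existence lookup has run. It also means a reserved name that happens to be taken is reported as "already exists" rather than as not allowed. Moving `} else if (!User::allowed_nickname($nickname)) {` ahead of the `nickname_exists` branch runs the cheap static check first and makes the rejection reason deterministic. The if/else chain starts and ends outside the hunk.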
|
||||||
|
|
|
@ -83,4 +83,12 @@ class User extends DB_DataObject
|
||||||
' WHERE id = ' . $this->id;
|
' WHERE id = ' . $this->id;
|
||||||
return $this->query($qry);
|
return $this->query($qry);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function allowed_nickname($nickname) {
|
||||||
|
# XXX: should already be validated for size, content, etc.
|
||||||
|
static $blacklist = array('rss', 'xrds', 'doc', 'main',
|
||||||
|
'settings', 'notice', 'user');
|
||||||
|
$merged = array_merge($blacklist, common_config('nickname', 'blacklist'));
|
||||||
|
return !in_array($nickname, $merged);
|
||||||
|
}
|
||||||
}
|
}
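Review bot: `allowed_nickname()` is declared as an instance method, but every call site in this commit invokes it as `User::allowed_nickname(...)`. That raises a strict-standards notice on PHP 5 and is an error on PHP 8, so declare it `static function allowed_nickname($nickname) {`. The membership test also uses loose comparison and is case-sensitive; `return !in_array($nickname, $merged, true);` avoids numeric-string surprises. Since the `# XXX` comment relies on callers having validated the input, the docblock should state that the nickname must already be lower-cased, otherwise a mixed-case variant of a reserved name would pass. The class body continues outside the hunk.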
|
||||||
|
|
|
@ -33,3 +33,6 @@ $config['db']['database'] = 'mysql://laconica:microblog@localhost/laconica';
|
||||||
|
|
||||||
#session_set_cookie_params(0, '/'. $config['site']['path'] .'/');
|
#session_set_cookie_params(0, '/'. $config['site']['path'] .'/');
|
||||||
|
|
||||||
|
#Standard fancy-url clashes prevented by not allowing nicknames on a blacklist
|
||||||
|
#Add your own here. Note: empty array by default
|
||||||
|
#$config['nickname']['blacklist'][] = 'scobleizer';
|
||||||
|
|
|
@ -54,7 +54,9 @@ $config =
|
||||||
'image' => 'http://i.creativecommons.org/l/by/3.0/88x31.png'),
|
'image' => 'http://i.creativecommons.org/l/by/3.0/88x31.png'),
|
||||||
'mail' =>
|
'mail' =>
|
||||||
array('backend' => 'mail',
|
array('backend' => 'mail',
|
||||||
'params' => NULL)
|
'params' => NULL),
|
||||||
|
'nickname' =>
|
||||||
|
array('blacklist' => array())
|
||||||
);
|
);
|
||||||
|
|
||||||
$config['db'] = &PEAR::getStaticProperty('DB_DataObject','options');
|
$config['db'] = &PEAR::getStaticProperty('DB_DataObject','options');
|
||||||
|
|