disallow nicknames on a blacklist
darcs-hash:20080622180437-34904-4b6313f6fd8845232031663c5c2df00dff725183.gz
This commit is contained in:
parent
a69dbe7cd5
commit
d758c11784
|
@ -168,6 +168,11 @@ class FinishopenidloginAction extends Action {
|
|||
return;
|
||||
}
|
||||
|
||||
if (!User::allowed_nickname($nickname)) {
|
||||
$this->show_form(_t('Nickname not allowed.'));
|
||||
return;
|
||||
}
|
||||
|
||||
if (User::staticGet('nickname', $nickname)) {
|
||||
$this->show_form(_t('Nickname already in use. Try another one.'));
|
||||
return;
|
||||
|
@ -338,6 +343,9 @@ class FinishopenidloginAction extends Action {
|
|||
'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
|
||||
return false;
|
||||
}
|
||||
if (!User::allowed_nickname($str)) {
|
||||
return false;
|
||||
}
|
||||
if (User::staticGet('nickname', $str)) {
|
||||
return false;
|
||||
}
|
||||
|
|
|
@ -88,6 +88,8 @@ class ProfilesettingsAction extends SettingsAction {
|
|||
'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
|
||||
$this->show_form(_t('Nickname must have only letters and numbers and no spaces.'));
|
||||
return;
|
||||
} else if (!User::allowed_nickname($nickname)) {
|
||||
$this->show_form(_t('Not a valid nickname.'));
|
||||
} else if (!is_null($homepage) && (strlen($homepage) > 0) &&
|
||||
!Validate::uri($homepage, array('allowed_schemes' => array('http', 'https')))) {
|
||||
$this->show_form(_t('Homepage is not a valid URL.'));
|
||||
|
|
|
@ -57,6 +57,8 @@ class RegisterAction extends Action {
|
|||
$this->show_form(_t('Nickname must have only lowercase letters and numbers and no spaces.'));
|
||||
} else if ($this->nickname_exists($nickname)) {
|
||||
$this->show_form(_t('Nickname already exists.'));
|
||||
} else if (!User::allowed_nickname($nickname)) {
|
||||
$this->show_form(_t('Not a valid nickname.'));
|
||||
} else if ($this->email_exists($email)) {
|
||||
$this->show_form(_t('Email address already exists.'));
|
||||
} else if ($password != $confirm) {
|
||||
|
|
|
@ -83,4 +83,12 @@ class User extends DB_DataObject
|
|||
' WHERE id = ' . $this->id;
|
||||
return $this->query($qry);
|
||||
}
|
||||
|
||||
function allowed_nickname($nickname) {
|
||||
# XXX: should already be validated for size, content, etc.
|
||||
static $blacklist = array('rss', 'xrds', 'doc', 'main',
|
||||
'settings', 'notice', 'user');
|
||||
$merged = array_merge($blacklist, common_config('nickname', 'blacklist'));
|
||||
return !in_array($nickname, $merged);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -33,3 +33,6 @@ $config['db']['database'] = 'mysql://laconica:microblog@localhost/laconica';
|
|||
|
||||
#session_set_cookie_params(0, '/'. $config['site']['path'] .'/');
|
||||
|
||||
#Standard fancy-url clashes prevented by not allowing nicknames on a blacklist
|
||||
#Add your own here. Note: empty array by default
|
||||
#$config['nickname']['blacklist'][] = 'scobleizer';
|
||||
|
|
|
@ -54,7 +54,9 @@ $config =
|
|||
'image' => 'http://i.creativecommons.org/l/by/3.0/88x31.png'),
|
||||
'mail' =>
|
||||
array('backend' => 'mail',
|
||||
'params' => NULL)
|
||||
'params' => NULL),
|
||||
'nickname' =>
|
||||
array('blacklist' => array())
|
||||
);
|
||||
|
||||
$config['db'] = &PEAR::getStaticProperty('DB_DataObject','options');
|
||||
|
|
Loading…
Reference in New Issue
Block a user