diff options
Diffstat (limited to 'phpBB/includes/functions_user.php')
| -rw-r--r-- | phpBB/includes/functions_user.php | 35 |
1 files changed, 24 insertions, 11 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 5372a28d18..d86470adf9 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -692,7 +692,8 @@ function user_delete($mode, $user_ids, $retain_username = true) PRIVMSGS_RULES_TABLE, $phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'), $phpbb_container->getParameter('tables.auth_provider_oauth_states'), - $phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc') + $phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc'), + $phpbb_container->getParameter('tables.user_notifications') ]; // Ignore errors on deleting from non-existent tables, e.g. when migrating @@ -1717,16 +1718,20 @@ function phpbb_validate_timezone($timezone) return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID'; } -/** -* Check to see if the username has been taken, or if it is disallowed. -* Also checks if it includes the " character, which we don't allow in usernames. -* Used for registering, changing names, and posting anonymously with a username -* -* @param string $username The username to check -* @param string $allowed_username An allowed username, default being $user->data['username'] -* -* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) -*/ +/*** + * Validate Username + * + * Check to see if the username has been taken, or if it is disallowed. + * Also checks if it includes the " character or the 4-bytes Unicode ones + * (aka emojis) which we don't allow in usernames. + * Used for registering, changing names, and posting anonymously with a username + * + * @param string $username The username to check + * @param string $allowed_username An allowed username, default being $user->data['username'] + * + * @return mixed Either false if validation succeeded or a string which will be + * used as the error message (with the variable name appended) + */ function validate_username($username, $allowed_username = false) { global $config, $db, $user, $cache; @@ -1739,6 +1744,14 @@ function validate_username($username, $allowed_username = false) return false; } + // The very first check is for + // out-of-bounds characters that are currently + // not supported by utf8_bin in MySQL + if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username)) + { + return 'INVALID_EMOJIS'; + } + // ... fast checks first. if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username)) { |