author | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-03-21 14:29:42 +0000 |
---|---|---|
committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-03-21 14:29:42 +0000 |
commit | 8aaf250314a900dc15764ff3405627a77395a5db (patch) | |
tree | 28cef2114300ba31842cab0f3b477da825eda945 | |
parent | 1ed2ed30728532e78fa4664f8f1fe17fe8d3ec52 (diff) | |
Wasn't checking for wildcards in disallowed usernames during validation ... how we missed this for months is beyond me ... thanks to the anonymous bug track adder ...
git-svn-id: file:///svn/phpbb/trunk@2391 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/includes/functions_validate.php | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/phpBB/includes/functions_validate.php b/phpBB/includes/functions_validate.php
index 1f70cf2e7e..c9c9724368 100644
--- a/phpBB/includes/functions_validate.php
+++ b/phpBB/includes/functions_validate.php
@@ -58,13 +58,15 @@ function validate_username($username)
 }
 $sql = "SELECT disallow_username
- FROM " . DISALLOW_TABLE . "
- WHERE disallow_username LIKE '$username'";
+ FROM " . DISALLOW_TABLE;
 if ( $result = $db->sql_query($sql) )
 {
- if ( $db->sql_fetchrow($result) )
+ while( $row = $db->sql_fetchrow($result) )
 {
- return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
+ if ( preg_match("#\b(" . str_replace("\*", "\w*?", preg_quote($row['disallow_username'])) . ")\b#i", $username) )
+ {
+ return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
+ }
 }
 }
|
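Review bot: `preg_quote()` in the added `preg_match` line is called without a delimiter argument, so on PHP versions before 7.3 a `#` inside a stored `disallow_username` is left unescaped and ends the `#...#i` pattern early; `preg_match` then fails with a warning and that entry never rejects any username. Passing the delimiter closes this: `preg_quote($row['disallow_username'], '#')`. The `\b` anchors also mean an entry that begins or ends with a non-word character cannot match at that edge, and `\w` spans only letters, digits and underscore, so a short comment above the loop stating which characters `*` is meant to cover would help whoever maintains the disallow list. `validate_username()` starts and ends outside this hunk, so what happens when `sql_query()` fails is not visible here and should be confirmed to reject rather than accept.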