diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2019-04-07 10:35:33 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2019-04-07 10:35:33 +0200 |
| commit | 6f573f710ddf4034f725c7f58f11cb7c4c57631f (patch) | |
| tree | b4c5d459c137da7296c6e777c64ba75b99a119e7 /phpBB/includes | |
| parent | be86694305f87893cf1ced845af278fd8bf9fee3 (diff) | |
| parent | 7160c67b2ca8fa1c819d5da3e629fb02621a7066 (diff) | |
| download | forums-6f573f710ddf4034f725c7f58f11cb7c4c57631f.tar forums-6f573f710ddf4034f725c7f58f11cb7c4c57631f.tar.gz forums-6f573f710ddf4034f725c7f58f11cb7c4c57631f.tar.bz2 forums-6f573f710ddf4034f725c7f58f11cb7c4c57631f.tar.xz forums-6f573f710ddf4034f725c7f58f11cb7c4c57631f.zip | |
Merge pull request #5556 from 3D-I/ticket/16004
[ticket/16004] Add check-in for Emojis in Username
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/functions_user.php | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 5f2dea3b94..d86470adf9 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1718,16 +1718,20 @@ function phpbb_validate_timezone($timezone) return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID'; } -/** -* Check to see if the username has been taken, or if it is disallowed. -* Also checks if it includes the " character, which we don't allow in usernames. -* Used for registering, changing names, and posting anonymously with a username -* -* @param string $username The username to check -* @param string $allowed_username An allowed username, default being $user->data['username'] -* -* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) -*/ +/*** + * Validate Username + * + * Check to see if the username has been taken, or if it is disallowed. + * Also checks if it includes the " character or the 4-bytes Unicode ones + * (aka emojis) which we don't allow in usernames. + * Used for registering, changing names, and posting anonymously with a username + * + * @param string $username The username to check + * @param string $allowed_username An allowed username, default being $user->data['username'] + * + * @return mixed Either false if validation succeeded or a string which will be + * used as the error message (with the variable name appended) + */ function validate_username($username, $allowed_username = false) { global $config, $db, $user, $cache; @@ -1740,6 +1744,14 @@ function validate_username($username, $allowed_username = false) return false; } + // The very first check is for + // out-of-bounds characters that are currently + // not supported by utf8_bin in MySQL + if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username)) + { + return 'INVALID_EMOJIS'; + } + // ... fast checks first. if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username)) { |