-rw-r--r-- | phpBB/includes/functions_user.php | 32 | ||||
-rw-r--r-- | phpBB/language/en/ucp.php | 1 | ||||
-rw-r--r-- | tests/functions/validate_username_test.php | 11 |
3 files changed, 34 insertions, 10 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 5f2dea3b94..d86470adf9 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1718,16 +1718,20 @@ function phpbb_validate_timezone($timezone)
 return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID';
 }
-/**
-* Check to see if the username has been taken, or if it is disallowed.
-* Also checks if it includes the " character, which we don't allow in usernames.
-* Used for registering, changing names, and posting anonymously with a username
-*
-* @param string $username The username to check
-* @param string $allowed_username An allowed username, default being $user->data['username']
-*
-* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
-*/
+/***
+ * Validate Username
+ *
+ * Check to see if the username has been taken, or if it is disallowed.
+ * Also checks if it includes the " character or the 4-bytes Unicode ones
+ * (aka emojis) which we don't allow in usernames.
+ * Used for registering, changing names, and posting anonymously with a username
+ *
+ * @param string $username The username to check
+ * @param string $allowed_username An allowed username, default being $user->data['username']
+ *
+ * @return mixed Either false if validation succeeded or a string which will be
+ * used as the error message (with the variable name appended)
+ */
 function validate_username($username, $allowed_username = false)
 {
 global $config, $db, $user, $cache;
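Review bot: The rewritten header opens with `/***`, which PHP tokenizes as an ordinary comment rather than a doc comment, so reflection and documentation tools will no longer attach it to validate_username(); it should open with `/**` as the removed block did. While the block is being touched, `@param string $allowed_username` could read `@param string|false $allowed_username`, since the signature visible in the context defaults it to `false`. The wording "4-bytes Unicode ones (aka emojis)" is also narrower than the behaviour: every code point above U+FFFF is refused, so something like `Also rejects the " character and any code point above U+FFFF (4-byte UTF-8, which includes most emoji)` would describe it accurately.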
@@ -1740,6 +1744,14 @@ function validate_username($username, $allowed_username = false) return false; } + // The very first check is for + // out-of-bounds characters that are currently + // not supported by utf8_bin in MySQL + if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username)) + { + return 'INVALID_EMOJIS'; + } + // ... fast checks first. if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username)) {
diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php
index d5c6778e3b..2622fb57b7 100644
--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@@ -272,6 +272,7 @@ $lang = array_merge($lang, array(
 'IMPORTANT_NEWS' => 'Important announcements',
 'INVALID_USER_BIRTHDAY' => 'The entered birthday is not a valid date.',
 'INVALID_CHARS_USERNAME' => 'The username contains forbidden characters.',
+ 'INVALID_EMOJIS_USERNAME' => 'The username contains forbidden characters (Emoji).',
 'INVALID_CHARS_NEW_PASSWORD'=> 'The password does not contain the required characters.',
 'ITEMS_REQUIRED' => 'The items marked with * are required profile fields and need to be filled out.',
diff --git a/tests/functions/validate_username_test.php b/tests/functions/validate_username_test.php
index d310f58036..cee5d38400 100644
--- a/tests/functions/validate_username_test.php
+++ b/tests/functions/validate_username_test.php
@@ -47,6 +47,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 'foobar_letter_num' => array(),
 'foobar_letter_num_sp' => array(),
 'foobar_quot' => array('INVALID_CHARS'),
+ 'foobar_emoji' => array('INVALID_EMOJIS'),
 'barfoo_disallow' => array('USERNAME_DISALLOWED'),
 'admin_taken' => array('USERNAME_TAKEN'),
 'group_taken' => array('USERNAME_TAKEN'),
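Review bot: The added guard in validate_username() treats a PCRE failure the same as "no match": with the `u` modifier preg_match() returns `false` when the subject is not valid UTF-8, and `if (false)` falls through to the later checks. Whether `$username` is guaranteed to be well-formed UTF-8 by the time it reaches this line is not visible in the hunk, so either confirm that upstream or fail closed with `if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username) !== 0)`. The comment calls this "the very first check", but the context shows an earlier `return false;` exit above it, and the range covers every supplementary-plane code point rather than only emoji, so a comment such as `// Reject any code point above U+FFFF (4-byte UTF-8); utf8_bin columns cannot store them` would match the behaviour. The function body starts and ends outside this hunk.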
@@ -60,6 +61,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 'foobar_letter_num' => array(),
 'foobar_letter_num_sp' => array('INVALID_CHARS'),
 'foobar_quot' => array('INVALID_CHARS'),
+ 'foobar_emoji' => array('INVALID_EMOJIS'),
 'barfoo_disallow' => array('USERNAME_DISALLOWED'),
 'admin_taken' => array('USERNAME_TAKEN'),
 'group_taken' => array('INVALID_CHARS'),
@@ -73,6 +75,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 'foobar_letter_num' => array(),
 'foobar_letter_num_sp' => array('INVALID_CHARS'),
 'foobar_quot' => array('INVALID_CHARS'),
+ 'foobar_emoji' => array('INVALID_EMOJIS'),
 'barfoo_disallow' => array('USERNAME_DISALLOWED'),
 'admin_taken' => array('USERNAME_TAKEN'),
 'group_taken' => array('USERNAME_TAKEN'),
@@ -86,6 +89,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 'foobar_letter_num' => array(),
 'foobar_letter_num_sp' => array('INVALID_CHARS'),
 'foobar_quot' => array('INVALID_CHARS'),
+ 'foobar_emoji' => array('INVALID_EMOJIS'),
 'barfoo_disallow' => array('USERNAME_DISALLOWED'),
 'admin_taken' => array('USERNAME_TAKEN'),
 'group_taken' => array('INVALID_CHARS'),
@@ -99,6 +103,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 'foobar_letter_num' => array(),
 'foobar_letter_num_sp' => array(),
 'foobar_quot' => array('INVALID_CHARS'),
+ 'foobar_emoji' => array('INVALID_EMOJIS'),
 'barfoo_disallow' => array('USERNAME_DISALLOWED'),
 'admin_taken' => array('USERNAME_TAKEN'),
 'group_taken' => array('USERNAME_TAKEN'),
@@ -112,6 +117,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 'foobar_letter_num' => array(),
 'foobar_letter_num_sp' => array('INVALID_CHARS'),
 'foobar_quot' => array('INVALID_CHARS'),
+ 'foobar_emoji' => array('INVALID_EMOJIS'),
 'barfoo_disallow' => array('USERNAME_DISALLOWED'),
 'admin_taken' => array('USERNAME_TAKEN'),
 'group_taken' => array('USERNAME_TAKEN'),
@@ -173,6 +179,11 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 '"foobar"',
 array('username'),
 ),
+ 'foobar_emoji' => array(
+ $expected['foobar_emoji'],
+ 'usernameš®',
+ array('username'),
+ ),
 'barfoo_disallow' => array(
 $expected['barfoo_disallow'],
 'barfoo',
 |
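Review bot: The new `foobar_emoji` data set feeds the validator a single raw multi-byte character typed into a single-quoted literal, so the test depends on the file's encoding surviving every editor and transfer (it already renders garbled on this page) and never probes the edges of `[\x{10000}-\x{10FFFF}]`. Spelling the bytes out in a double-quoted string, for example `"username\xF0\x90\x80\x80"` (constructed sample: U+10000, the lowest code point in the range), keeps the input unambiguous and covers the lower boundary. A further data set with a byte sequence that is not valid UTF-8 would pin down what validate_username() returns when preg_match() fails rather than matches. The data-provider array starts and ends outside this hunk.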