From 7a3d6a8168c7cd7da4f3ff462579ed562d0432a1 Mon Sep 17 00:00:00 2001
From: RMcGirr83 <rmcgirr83@gmail.com>
Date: Mon, 29 Nov 2010 07:10:19 -0500
Subject: [ticket/8736] guest can have 255 chars long username

when you post as a guest (anonymous) you can fill the field username with 255
chars. that will destroy the prosilver and subsilver2 style at viewtopic.
settings for username in ACP: 6-16 Chars

PHPBB3-8736
---
 phpBB/posting.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'phpBB/posting.php')

diff --git a/phpBB/posting.php b/phpBB/posting.php
index f775699cee..7368026136 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -861,11 +861,18 @@ if ($submit || $preview || $refresh)
 	{
 		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 
+		$user->add_lang('ucp');
+
 		if (($result = validate_username($post_data['username'], (!empty($post_data['post_username'])) ? $post_data['post_username'] : '')) !== false)
 		{
-			$user->add_lang('ucp');
 			$error[] = $user->lang[$result . '_USERNAME'];
 		}
+
+		if (($result = validate_string($post_data['username'], false, $config['min_name_chars'], $config['max_name_chars'])) !== false)
+		{
+			$min_max_amount = ($result == 'TOO_SHORT') ? $config['min_name_chars'] : $config['max_name_chars'];
+			$error[] = sprintf($user->lang['FIELD_' . $result], $user->lang['USERNAME'], $min_max_amount);
+		}
 	}
 
 	if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply')))
-- 
cgit v1.2.1