fix for #12255 - do not allow empty cleaned usernames

git-svn-id: file:///svn/phpbb/trunk@7748 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-05-07 08:05:25 +02:00 · 2007-06-10 23:05:47 +00:00 · 2007-06-10 23:05:47 +00:00 · 056ab23bb6
commit 056ab23bb6
parent ef48211dc5
1 changed files with 9 additions and 2 deletions
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@ -143,9 +143,16 @@ function user_add($user_row, $cp_data = false)
 		return false;
 	}

+	$username_clean = utf8_clean_string($user_row['username']);
+
+	if (empty($username_clean))
+	{
+		return false;
+	}
+
 	$sql_ary = array(
 		'username'			=> $user_row['username'],
-		'username_clean'	=> utf8_clean_string($user_row['username']),
+		'username_clean'	=> $username_clean,
 		'user_password'		=> (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
 		'user_pass_convert'	=> 0,
 		'user_email'		=> strtolower($user_row['user_email']),
@ -1262,7 +1269,7 @@ function validate_username($username, $allowed_username = false)
 	}

 	// ... fast checks first.
-	if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false)
+	if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false || empty($clean_username))
 	{
 		return 'INVALID_CHARS';
 	}