mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-03-14 04:30:29 +01:00
Code Issues Releases Wiki Activity

Merge branch 'ticket/security/254' into prep-release-3.3.5

Browse Source
This commit is contained in:
Marc Alexander 2021-10-01 22:35:54 +02:00
commit 5b3d238804
No known key found for this signature in database
GPG Key ID: 50E0D2423696F995
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
phpBB/includes/functions_user.php
View File

@ -1752,7 +1752,8 @@ function validate_username($username, $allowed_username = false, $allow_all_name
}
// ... fast checks first.
if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username))
if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username)
|| preg_match('/[\x{180E}\x{2005}-\x{200D}\x{202F}\x{205F}\x{2060}\x{FEFF}]/u', $username))
{
return 'INVALID_CHARS';
}

11
tests/functions/validate_username_test.php
View File

@ -51,6 +51,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
'barfoo_disallow' => array('USERNAME_DISALLOWED'),
'admin_taken' => array('USERNAME_TAKEN'),
'group_taken' => array('USERNAME_TAKEN'),
'administrator' => array('INVALID_CHARS'),
)),
array('USERNAME_ALPHA_ONLY', array(
'foobar_allow' => array(),
@ -65,6 +66,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
'barfoo_disallow' => array('USERNAME_DISALLOWED'),
'admin_taken' => array('USERNAME_TAKEN'),
'group_taken' => array('INVALID_CHARS'),
'administrator' => array('INVALID_CHARS'),
)),
array('USERNAME_ALPHA_SPACERS', array(
'foobar_allow' => array(),
@ -79,6 +81,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
'barfoo_disallow' => array('USERNAME_DISALLOWED'),
'admin_taken' => array('USERNAME_TAKEN'),
'group_taken' => array('USERNAME_TAKEN'),
'administrator' => array('INVALID_CHARS'),
)),
array('USERNAME_LETTER_NUM', array(
'foobar_allow' => array(),
@ -93,6 +96,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
'barfoo_disallow' => array('USERNAME_DISALLOWED'),
'admin_taken' => array('USERNAME_TAKEN'),
'group_taken' => array('INVALID_CHARS'),
'administrator' => array('INVALID_CHARS'),
)),
array('USERNAME_LETTER_NUM_SPACERS', array(
'foobar_allow' => array(),
@ -107,6 +111,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
'barfoo_disallow' => array('USERNAME_DISALLOWED'),
'admin_taken' => array('USERNAME_TAKEN'),
'group_taken' => array('USERNAME_TAKEN'),
'administrator' => array('INVALID_CHARS'),
)),
array('USERNAME_ASCII', array(
'foobar_allow' => array(),
@ -121,6 +126,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
'barfoo_disallow' => array('USERNAME_DISALLOWED'),
'admin_taken' => array('USERNAME_TAKEN'),
'group_taken' => array('USERNAME_TAKEN'),
'administrator' => array('INVALID_CHARS'),
)),
);
}
@ -201,6 +207,11 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
'foobar_group',
array('username'),
),
'administrator' => array(
$expected['administrator'],
'administrator',
array('username'),
),
));
}
}