Wasn't checking for wildcards in disallowed usernames during validation ... how we missed this for months is beyond me ... thanks to the anonymous bug track adder ...

git-svn-id: file:///svn/phpbb/trunk@2391 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-04 21:44:57 +02:00 · 2002-03-21 14:29:42 +00:00 · 2002-03-21 14:29:42 +00:00 · 8aaf250314
commit 8aaf250314
parent 1ed2ed3072
1 changed files with 6 additions and 4 deletions
--- a/phpBB/includes/functions_validate.php
+++ b/phpBB/includes/functions_validate.php
@ -58,13 +58,15 @@ function validate_username($username)
 	}

 	$sql = "SELECT disallow_username
-		FROM " . DISALLOW_TABLE . "
-		WHERE disallow_username LIKE '$username'";
+		FROM " . DISALLOW_TABLE;
 	if ( $result = $db->sql_query($sql) )
 	{
-		if ( $db->sql_fetchrow($result) )
+		while( $row = $db->sql_fetchrow($result) )
 		{
-			return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
+			if ( preg_match("#\b(" . str_replace("\*", "\w*?", preg_quote($row['disallow_username'])) . ")\b#i", $username) )
+			{
+				return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
+			}
 		}
 	}