mirror of
				https://github.com/phpbb/phpbb.git
				synced 2025-10-26 13:16:14 +01:00 
			
		
		
		
	Wasn't checking for wildcards in disallowed usernames during validation ... how we missed this for months is beyond me ... thanks to the anonymous bug track adder ...
git-svn-id: file:///svn/phpbb/trunk@2391 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
		| @@ -58,15 +58,17 @@ function validate_username($username) | ||||
| 	} | ||||
|  | ||||
| 	$sql = "SELECT disallow_username | ||||
| 		FROM " . DISALLOW_TABLE . " | ||||
| 		WHERE disallow_username LIKE '$username'"; | ||||
| 		FROM " . DISALLOW_TABLE; | ||||
| 	if ( $result = $db->sql_query($sql) ) | ||||
| 	{ | ||||
| 		if ( $db->sql_fetchrow($result) ) | ||||
| 		while( $row = $db->sql_fetchrow($result) ) | ||||
| 		{ | ||||
| 			if ( preg_match("#\b(" . str_replace("\*", "\w*?", preg_quote($row['disallow_username'])) . ")\b#i", $username) ) | ||||
| 			{ | ||||
| 				return array('error' => true, 'error_msg' => $lang['Username_disallowed']); | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	$sql = "SELECT word  | ||||
| 		FROM  " . WORDS_TABLE; | ||||
|   | ||||
		Reference in New Issue
	
	Block a user