mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-04-16 13:52:03 +02:00
Code Issues Releases Wiki Activity

[ticket/security/254] Disallow whitespace characters that might be invisible

Browse Source 
SECURITY-254
This commit is contained in:
Marc Alexander 2021-05-24 17:08:28 +02:00
parent ed33f06235
commit f302440297
No known key found for this signature in database
GPG Key ID: 50E0D2423696F995
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
phpBB/includes/functions_user.php
View File

@ -1752,7 +1752,8 @@ function validate_username($username, $allowed_username = false, $allow_all_name
}
// ... fast checks first.
if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username))
if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username)
|| preg_match('/[\x{180E}\x{2005}-\x{200D}\x{202F}\x{205F}\x{2060}\x{FEFF}]/u', $username))
{
return 'INVALID_CHARS';
}