summaryrefslogtreecommitdiffstats
path: root/web/lib/acctfuncs.inc.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2014-08-05 23:52:03 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-08-06 00:00:33 +0200
commit237a4570e2a2bbfd39520886f56c5240e6ed4bec (patch)
treebdba5a5fd0f92d7e0ea9e57d8066f5b81bafe3d3 /web/lib/acctfuncs.inc.php
parent13693fbdbc9c6625c627d3364cd00949461a61c6 (diff)
downloadaurweb-237a4570e2a2bbfd39520886f56c5240e6ed4bec.tar.xz
Add PCRE_DOLLAR_ENDONLY to preg_match()
When using preg_match() to check for a match that starts at the beginning of the string and ends at the last character of the string, we do not want to allow an additional newline character to sneak in. Amongst other potential loopholes, adding the PCRE_DOLLAR_ENDONLY modifier prevents users from registering with user names that end with a newline character. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/acctfuncs.inc.php')
-rw-r--r--web/lib/acctfuncs.inc.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 254f0e2..e3ff494 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -544,7 +544,7 @@ function valid_username($user) {
if (strlen($user) < USERNAME_MIN_LEN ||
strlen($user) > USERNAME_MAX_LEN) {
return false;
- } else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/i", $user)) {
+ } else if (!preg_match("/^[a-z0-9]+[.\-_]?[a-z0-9]+$/Di", $user)) {
return false;
}