From e424d8dc6904213c6348957dd5ea59f36ef27217 Mon Sep 17 00:00:00 2001
From: Rob Church <robchurch@users.mediawiki.org>
Date: Sat, 19 May 2007 19:55:57 +0000
Subject: [PATCH] (bug 9813) Reject usernames containing '#' to avoid silent
 truncation of fragments during the normalisation process

This adds an explicit check to User::getCanonicalName() which is required to run before title normalisation, since it's too late once that's been done. This won't affect existing accounts.
---
 RELEASE-NOTES     | 2 ++
 includes/User.php | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 98ab4b7387..82bddf0654 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -69,6 +69,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * (bug 1229) Balance columns in diff display evenly
 * Right-align diff line numbers in RTL language display
 * (bug 9332) Fix instructions in tests/README
+* (bug 9813) Reject usernames containing '#' to avoid silent truncation
+  of fragments during the normalisation process
 
 == MediaWiki API changes since 1.10 ==
 
diff --git a/includes/User.php b/includes/User.php
index 33cb9a6bc0..f60c4298c6 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -531,6 +531,12 @@ class User {
 		global $wgContLang;
 		$name = $wgContLang->ucfirst( $name );
 
+		# Reject names containing '#'; these will be cleaned up
+		# with title normalisation, but then it's too late to
+		# check elsewhere
+		if( strpos( $name, '#' ) !== false )
+			return false;
+
 		# Clean up name according to title rules
 		$t = Title::newFromText( $name );
 		if( is_null( $t ) ) {
-- 
2.20.1