From: Ævar Arnfjörð Bjarmason
Date: Mon, 27 Jun 2005 06:33:45 +0000 (+0000)
Subject: * Fixed a bug that would occour if $wgCapitalLinks was set to false, a user
X-Git-Tag: 1.5.0beta2~179
X-Git-Url: http://git.cyclocoop.org/%24image?a=commitdiff_plain;h=7666ef1c37adb408b9381300b6d0f0ae443e39c2;p=lhc%2Fweb%2Fwiklou.git
* Fixed a bug that would occour if $wgCapitalLinks was set to false, a user agent could create a username that began with a lower case letter that was not in the ASCII character set ( now user $wgContLang->ucfirst() instead of PHP ucfirst() ) * Moved the user name / password validity checking from LoginForm::addNewAccountInternal() to two new functions, User::isValidUserName() and User::isValidPassword(), extensions can now do these checks without rewriting code.
---
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 8395ac4a2a..cc9483a151 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -381,6 +381,14 @@ Various bugfixes, small features, and a few experimental things:
 * Try reading revision _text_ from master if no result on slave
 * Use content-language message cache for raw view of message pages
 * (bug 2530) Not displaying talk pages on Special:Watchlist/edit
+* Fixed a bug that would occour if $wgCapitalLinks was set to false, a user
+ agent could create a username that began with a lower case letter that was
+ not in the ASCII character set ( now user $wgContLang->ucfirst() instead of
+ PHP ucfirst() )
+* Moved the user name / password validity checking from
+ LoginForm::addNewAccountInternal() to two new functions,
+ User::isValidUserName() and User::isValidPassword(), extensions can now do
+ these checks without rewriting code.
 === Caveats ===
diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php
index f7b66802c9..953e3c9d11 100644
--- a/includes/SpecialUserlogin.php
+++ b/includes/SpecialUserlogin.php
@@ -159,9 +159,8 @@ class LoginForm {
 */
 function addNewAccountInternal() {
 global $wgUser, $wgOut;
- global $wgMaxNameChars, $wgUseLatin1, $wgEnableSorbs, $wgProxyWhitelist;
+ global $wgUseLatin1, $wgEnableSorbs, $wgProxyWhitelist;
 global $wgMemc, $wgAccountCreationThrottle, $wgDBname, $wgIP;
- global $wgMinimalPasswordLength;
 global $wgAuth;
 // If the user passes an invalid domain, something is fishy
@@ -183,8 +182,6 @@ class LoginForm {
 }
 }
-
-
 if (!$wgUser->isAllowedToCreateAccount()) {
 $this->userNotPrivilegedMessage();
 return false;
@@ -205,16 +202,11 @@ class LoginForm {
 $name = trim( $this->mName );
 $u = User::newFromName( $name );
- if ( is_null( $u ) ||
- ( '' == $name ) ||
- $wgUser->isIP( $name ) ||
- (strpos( $name, '/' ) !== false) ||
- (strlen( $name ) > $wgMaxNameChars) ||
- ucFirst($name) != $u->getName() )
- {
+ if ( is_null( $u ) || !$wgUser->isValidUserName( $name ) ) {
 $this->mainLoginForm( wfMsg( 'noname' ) );
 return false;
 }
+
 if ( wfReadOnly() ) {
 $wgOut->readOnlyPage();
 return false;
@@ -225,7 +217,7 @@ class LoginForm {
 return false;
 }
- if ( strlen( $this->mPassword ) < $wgMinimalPasswordLength ) {
+ if ( !$wgUser->isValidPassword( $this->mPassword ) ) {
 $this->mainLoginForm( wfMsg( 'passwordtooshort', $wgMinimalPasswordLength ) );
 return false;
 }
diff --git a/includes/User.php b/includes/User.php
index 0de409067a..807b4c940a 100644
--- a/includes/User.php
+++ b/includes/User.php
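Review bot: The replacement condition in the third hunk of addNewAccountInternal() no longer compares the submitted name with `$u->getName()`, which the removed clause `ucFirst($name) != $u->getName()` did. If User::newFromName() canonicalises its input (not visible in this diff), a name that differs from its canonical form now passes validation and the account is created under a name the requester did not type, which weakens the guard against confusable account names. Keeping that comparison next to the new helper preserves the old guarantee: `if ( is_null( $u ) || !$wgUser->isValidUserName( $name ) || $u->getName() != $name ) {`. The function body starts and ends outside this hunk.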
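Review bot: `$wgMinimalPasswordLength` is still passed to `wfMsg( 'passwordtooshort', $wgMinimalPasswordLength )` in the last hunk, but the first hunk removes `global $wgMinimalPasswordLength;` from addNewAccountInternal(), so the variable is now an undefined local and the error message loses its minimum-length value. Keep the declaration, `global $wgMinimalPasswordLength;`, for as long as the message is built in this function. The rest of the function lies outside the visible hunks, so it is worth confirming that no other use of the removed `$wgMaxNameChars` global remains there.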
@@ -163,8 +163,44 @@ class User {
 }
 /**
+ * Is the input a valid username?
+ *
+ * Checks if the input is a valid username, we don't want an empty string,
+ * an IP address, anything that containins slashes (would mess up subpages),
+ * is longer than the maximum allowed username size or doesn't begin with
+ * a capital letter.
+ *
+ * @param string $name
+ * @return bool
+ */
+ function isValidUserName( $name ) {
+ global $wgContLang, $wgMaxNameChars;
+
+ if ( $name == ''
+ || $this->isIP( $name )
+ || strpos( $name, '/' ) !== false
+ || strlen( $name ) > $wgMaxNameChars
+ || $name != $wgContLang->ucfirst( $name ) )
+ return false;
+ else
+ return true;
+ }
+
+ /**
+ * Is the input a valid password?
+ *
+ * @param string $password
+ * @return bool
+ */
+ function isValidPassword( $password ) {
+ global $wgMinimalPasswordLength;
+ return strlen( $password ) >= $wgMinimalPasswordLength;
+ }
+
+ /**
 * does the string match roughly an email address ?
 *
+ * @todo Check for RFC 2822 compilance
 * @bug 959
 *
 * @param string $addr email address
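Review bot: `strlen( $name ) > $wgMaxNameChars` in isValidUserName() measures bytes, while the setting is named in characters and this commit is specifically about non-ASCII user names, so a multi-byte name reaches the limit after fewer characters than an ASCII one. If a character-aware length is not available for the wiki's encoding, the docblock should at least say so, for example `* @note the length limit is compared in bytes (strlen), not characters`. The same applies to `strlen( $password )` in isValidPassword(). The loose comparisons `$name == ''` and `$name != $wgContLang->ucfirst( $name )` would also be safer as `===` and `!==`, since both sides are meant to be strings. The enclosing class continues outside this hunk.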