From: Brion Vibber Date: Tue, 26 Sep 2006 16:06:16 +0000 (+0000) Subject: * (bug 6849) Block @ from usernames; interferes with multi-database tools and X-Git-Tag: 1.31.0-rc.0~55716 X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/operations/?a=commitdiff_plain;h=3a515b48b1b6995dc91a2a500467329032a32166;p=lhc%2Fweb%2Fwiklou.git * (bug 6849) Block @ from usernames; interferes with multi-database tools and was meant to be banned years ago... For now existing accounts will not be prevented fromm login. --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index af5b610a03..0419b9d870 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -228,6 +228,9 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * Added info text to Special:Deadendpages and Special:Lonelypages * Fix regression in cachability of generated CSS and JS for MonoBook skin, while avoiding clobbering of different users' cached data +* (bug 6849) Block @ from usernames; interferes with multi-database tools and + was meant to be banned years ago... For now existing accounts will not be + prevented fromm login. == Languages updated == diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php index 9dbfbc3961..9270996278 100644 --- a/includes/SpecialUserlogin.php +++ b/includes/SpecialUserlogin.php @@ -195,7 +195,7 @@ class LoginForm { global $wgUser, $wgOut; global $wgEnableSorbs, $wgProxyWhitelist; global $wgMemc, $wgAccountCreationThrottle, $wgDBname; - global $wgAuth, $wgMinimalPasswordLength, $wgReservedUsernames; + global $wgAuth, $wgMinimalPasswordLength; // If the user passes an invalid domain, something is fishy if( !$wgAuth->validDomain( $this->mDomain ) ) { 
@@ -236,7 +236,7 @@ class LoginForm { $name = trim( $this->mName ); $u = User::newFromName( $name ); - if ( is_null( $u ) || in_array( $u->getName(), $wgReservedUsernames ) ) { + if ( is_null( $u ) || !User::isCreatableName( $u->getName() ) ) { $this->mainLoginForm( wfMsg( 'noname' ) ); return false; } @@ -317,12 +317,12 @@ class LoginForm { function authenticateUserData() { - global $wgUser, $wgAuth, $wgReservedUsernames; + global $wgUser, $wgAuth; if ( '' == $this->mName ) { return AuthNoName; } $u = User::newFromName( $this->mName ); - if( is_null( $u ) || in_array( $u->getName(), $wgReservedUsernames ) ) { + if( is_null( $u ) || !User::isUsableName( $u->getName() ) ) { return AuthIllegal; } if ( 0 == $u->getID() ) { @@ -362,7 +362,7 @@ class LoginForm { } function processLogin() { - global $wgUser, $wgAuth, $wgReservedUsernames; + global $wgUser, $wgAuth; switch ($this->authenticateUserData()) { diff --git a/includes/User.php b/includes/User.php index 5757ff6c90..efe6f2b65d 100644 --- a/includes/User.php +++ b/includes/User.php 
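Review bot: In `authenticateUserData()` (the -317 hunk) the login path applies only `User::isUsableName()`, so a name containing `@` still reaches the `if ( 0 == $u->getID() )` branch that follows the check. The body of that branch is outside the hunk; if it can create a local account on first login through `$wgAuth`, it would bypass the `@` restriction that the -236 hunk enforces with `isCreatableName()`. In that case the branch should test `User::isCreatableName( $u->getName() )` before creating anything, or carry a comment stating that externally authenticated names are deliberately exempt from the registration-time rules.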
@@ -335,6 +335,48 @@ class User { return true; } + + /** + * Usernames which fail to pass this function will be blocked + * from user login and new account registrations, but may be used + * internally by batch processes. + * + * If an account already exists in this form, login will be blocked + * by a failure to pass this function. + * + * @param string $name + * @return bool + */ + static function isUsableName( $name ) { + global $wgReservedUsernames; + return + // Must be a usable username, obviously ;) + self::isValidUserName( $name ) && + + // Certain names may be reserved for batch processes. + !in_array( $name, $wgReservedUsernames ); + } + + /** + * Usernames which fail to pass this function will be blocked + * from new account registrations, but may be used internally + * either by batch processes or by user accounts which have + * already been created. + * + * Additional character blacklisting may be added here + * rather than in isValidUserName() to avoid disrupting + * existing accounts. + * + * @param string $name + * @return bool + */ + static function isCreatableName( $name ) { + return + self::isUsableName( $name ) && + + // Registration-time character blacklisting... + strpos( $name, '@' ) === false; + } /** * Is the input a valid password?
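Review bot: `isUsableName()` matches `$name` against `$wgReservedUsernames` with an exact but loosely typed `in_array()`, and neither docblock says the name must already be in canonical form. Both callers in this commit pass `$u->getName()`, but these are static helpers, and a later caller passing raw input with a different spelling of a reserved name would presumably not match the list. I would document the precondition, e.g. `@param string $name Canonical username, as returned by User::getName()`, and pass the strict flag: `!in_array( $name, $wgReservedUsernames, true );`. The same `@param` wording applies to `isCreatableName()`, whose `strpos( $name, '@' ) === false` test is already strict.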