From d8261b39709c103edac2456b81f4ad804eb630b4 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Mon, 13 Feb 2006 07:29:27 +0000
Subject: [PATCH] * Blocking some Unicode whitespace characters in usernames.
 Should check   if some or all should be blocked from all page titles.

---
 RELEASE-NOTES     |  2 ++
 includes/User.php | 18 ++++++++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 5b7078af15..c98fd12161 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -611,6 +611,8 @@ fully support the editing toolbar, but was found to be too confusing.
 * (bug 4824) Separate out IE7 CSS compat hacks, fix for RTL pages
 * Added support for wikidiff2 and similar external diff engines.
 * Allow cookies to be shared between multiple wikis with a shared user database
+* Blocking some Unicode whitespace characters in usernames. Should check
+  if some or all should be blocked from all page titles.
 
 
 === Caveats ===
diff --git a/includes/User.php b/includes/User.php
index d1861acbce..c293125fcb 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -210,8 +210,22 @@ class User {
 			|| $parsed->getNamespace()
 			|| strcmp( $name, $parsed->getPrefixedText() ) )
 			return false;
-		else
-			return true;
+		
+		// Check an additional blacklist of troublemaker characters.
+		// Should these be merged into the title char list?
+		$unicodeBlacklist = '/[' .
+			'\x{0080}-\x{009f}' . # iso-8859-1 control chars
+			'\x{00a0}' .          # non-breaking space
+			'\x{2000}-\x{200f}' . # various whitespace
+			'\x{2028}-\x{202f}' . # breaks and control chars
+			'\x{3000}' .          # ideographic space
+			'\x{e000}-\x{f8ff}' . # private use
+			']/u';
+		if( preg_match( $unicodeBlacklist, $name ) ) {
+			return false;
+		}
+		
+		return true;
 	}
 
 	/**
-- 
2.20.1