* Added info text to Special:Deadendpages and Special:Lonelypages
* Fix regression in cachability of generated CSS and JS for MonoBook skin,
while avoiding clobbering of different users' cached data
+* (bug 6849) Block @ from usernames; interferes with multi-database tools and
+ was meant to be banned years ago... For now existing accounts will not be
+ prevented fromm login.
== Languages updated ==
global $wgUser, $wgOut;
global $wgEnableSorbs, $wgProxyWhitelist;
global $wgMemc, $wgAccountCreationThrottle, $wgDBname;
- global $wgAuth, $wgMinimalPasswordLength, $wgReservedUsernames;
+ global $wgAuth, $wgMinimalPasswordLength;
// If the user passes an invalid domain, something is fishy
if( !$wgAuth->validDomain( $this->mDomain ) ) {
$name = trim( $this->mName );
$u = User::newFromName( $name );
- if ( is_null( $u ) || in_array( $u->getName(), $wgReservedUsernames ) ) {
+ if ( is_null( $u ) || !User::isCreatableName( $u->getName() ) ) {
$this->mainLoginForm( wfMsg( 'noname' ) );
return false;
}
function authenticateUserData()
{
- global $wgUser, $wgAuth, $wgReservedUsernames;
+ global $wgUser, $wgAuth;
if ( '' == $this->mName ) {
return AuthNoName;
}
$u = User::newFromName( $this->mName );
- if( is_null( $u ) || in_array( $u->getName(), $wgReservedUsernames ) ) {
+ if( is_null( $u ) || !User::isUsableName( $u->getName() ) ) {
return AuthIllegal;
}
if ( 0 == $u->getID() ) {
}
function processLogin() {
- global $wgUser, $wgAuth, $wgReservedUsernames;
+ global $wgUser, $wgAuth;
switch ($this->authenticateUserData())
{
return true;
}
+
+ /**
+ * Usernames which fail to pass this function will be blocked
+ * from user login and new account registrations, but may be used
+ * internally by batch processes.
+ *
+ * If an account already exists in this form, login will be blocked
+ * by a failure to pass this function.
+ *
+ * @param string $name
+ * @return bool
+ */
+ static function isUsableName( $name ) {
+ global $wgReservedUsernames;
+ return
+ // Must be a usable username, obviously ;)
+ self::isValidUserName( $name ) &&
+
+ // Certain names may be reserved for batch processes.
+ !in_array( $name, $wgReservedUsernames );
+ }
+
+ /**
+ * Usernames which fail to pass this function will be blocked
+ * from new account registrations, but may be used internally
+ * either by batch processes or by user accounts which have
+ * already been created.
+ *
+ * Additional character blacklisting may be added here
+ * rather than in isValidUserName() to avoid disrupting
+ * existing accounts.
+ *
+ * @param string $name
+ * @return bool
+ */
+ static function isCreatableName( $name ) {
+ return
+ self::isUsableName( $name ) &&
+
+ // Registration-time character blacklisting...
+ strpos( $name, '@' ) === false;
+ }
/**
* Is the input a valid password?