From 3a515b48b1b6995dc91a2a500467329032a32166 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Tue, 26 Sep 2006 16:06:16 +0000
Subject: [PATCH] * (bug 6849) Block @ from usernames; interferes with multi-database tools and was meant to be banned years ago... For now existing accounts will not be prevented fromm login.
---
 RELEASE-NOTES | 3 +++
 includes/SpecialUserlogin.php | 10 ++++-----
 includes/User.php | 42 +++++++++++++++++++++++++++++++++++
 3 files changed, 50 insertions(+), 5 deletions(-)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index af5b610a03..0419b9d870 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -228,6 +228,9 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * Added info text to Special:Deadendpages and Special:Lonelypages
 * Fix regression in cachability of generated CSS and JS for MonoBook skin, while avoiding clobbering of different users' cached data
+* (bug 6849) Block @ from usernames; interferes with multi-database tools and
+ was meant to be banned years ago... For now existing accounts will not be
+ prevented fromm login.
 == Languages updated ==
diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php
index 9dbfbc3961..9270996278 100644
--- a/includes/SpecialUserlogin.php
+++ b/includes/SpecialUserlogin.php
@@ -195,7 +195,7 @@ class LoginForm {
 global $wgUser, $wgOut;
 global $wgEnableSorbs, $wgProxyWhitelist;
 global $wgMemc, $wgAccountCreationThrottle, $wgDBname;
- global $wgAuth, $wgMinimalPasswordLength, $wgReservedUsernames;
+ global $wgAuth, $wgMinimalPasswordLength;
 // If the user passes an invalid domain, something is fishy
 if( !$wgAuth->validDomain( $this->mDomain ) ) {
@@ -236,7 +236,7 @@ class LoginForm {
 $name = trim( $this->mName );
 $u = User::newFromName( $name );
- if ( is_null( $u ) || in_array( $u->getName(), $wgReservedUsernames ) ) {
+ if ( is_null( $u ) || !User::isCreatableName( $u->getName() ) ) {
 $this->mainLoginForm( wfMsg( 'noname' ) );
 return false;
 }
@@ -317,12 +317,12 @@ class LoginForm {
 function authenticateUserData() {
- global $wgUser, $wgAuth, $wgReservedUsernames;
+ global $wgUser, $wgAuth;
 if ( '' == $this->mName ) {
 return AuthNoName;
 }
 $u = User::newFromName( $this->mName );
- if( is_null( $u ) || in_array( $u->getName(), $wgReservedUsernames ) ) {
+ if( is_null( $u ) || !User::isUsableName( $u->getName() ) ) {
 return AuthIllegal;
 }
 if ( 0 == $u->getID() ) {
@@ -362,7 +362,7 @@ class LoginForm {
 }
 function processLogin() {
- global $wgUser, $wgAuth, $wgReservedUsernames;
+ global $wgUser, $wgAuth;
 switch ($this->authenticateUserData()) {
diff --git a/includes/User.php b/includes/User.php
index 5757ff6c90..efe6f2b65d 100644
--- a/includes/User.php
+++ b/includes/User.php
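Review bot: In authenticateUserData() the new guard is `!User::isUsableName( $u->getName() )`, which does not apply the registration-only `@` rule, yet the `if ( 0 == $u->getID() ) {` branch directly after it handles names that have no local account. That branch's body lies outside the hunk; if it can create a local account for an externally authenticated user (an assumption to confirm against the full file), a name containing `@` could still be created through the login path rather than the registration form. I would check `User::isCreatableName( $u->getName() )` inside that branch before any creation, and add a comment on the guard such as `// Existing accounts containing '@' may still log in; every creation path must use isCreatableName()`.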
@@ -335,6 +335,48 @@ class User {
 return true;
 }
+
+ /**
+ * Usernames which fail to pass this function will be blocked
+ * from user login and new account registrations, but may be used
+ * internally by batch processes.
+ *
+ * If an account already exists in this form, login will be blocked
+ * by a failure to pass this function.
+ *
+ * @param string $name
+ * @return bool
+ */
+ static function isUsableName( $name ) {
+ global $wgReservedUsernames;
+ return
+ // Must be a usable username, obviously ;)
+ self::isValidUserName( $name ) &&
+
+ // Certain names may be reserved for batch processes.
+ !in_array( $name, $wgReservedUsernames );
+ }
+
+ /**
+ * Usernames which fail to pass this function will be blocked
+ * from new account registrations, but may be used internally
+ * either by batch processes or by user accounts which have
+ * already been created.
+ *
+ * Additional character blacklisting may be added here
+ * rather than in isValidUserName() to avoid disrupting
+ * existing accounts.
+ *
+ * @param string $name
+ * @return bool
+ */
+ static function isCreatableName( $name ) {
+ return
+ self::isUsableName( $name ) &&
+
+ // Registration-time character blacklisting...
+ strpos( $name, '@' ) === false;
+ }
 /**
 * Is the input a valid password?
--
2.20.1
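Review bot: `isUsableName()` matches `$name` against `$wgReservedUsernames` with a non-strict, exact-spelling `in_array`, so its answer depends on the caller having passed the canonical name; the call sites in SpecialUserlogin.php pass `$u->getName()`, but neither docblock states that requirement. I would make the lookup strict, `!in_array( $name, $wgReservedUsernames, true );`, and extend both `@param` lines to `@param string $name Canonical user name, e.g. from User::getName()`. In `isCreatableName()` the `strpos( $name, '@' ) === false` test covers only the ASCII `@`; if the multi-database tools named in the commit message also treat look-alike characters as separators (not visible here), those would need listing as well. Both functions are complete within the hunk, while the enclosing class User starts and ends outside it.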