From: Rob Church <robchurch@users.mediawiki.org>
Date: Sat, 19 May 2007 19:55:57 +0000 (+0000)
Subject: (bug 9813) Reject usernames containing '#' to avoid silent truncation of fragments... 
X-Git-Tag: 1.31.0-rc.0~52863
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/ajouter.php?a=commitdiff_plain;h=e424d8dc6904213c6348957dd5ea59f36ef27217;p=lhc%2Fweb%2Fwiklou.git

(bug 9813) Reject usernames containing '#' to avoid silent truncation of fragments during the normalisation process

This adds an explicit check to User::getCanonicalName() which is required to run before title normalisation, since it's too late once that's been done. This won't affect existing accounts.
---

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 98ab4b7387..82bddf0654 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -69,6 +69,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * (bug 1229) Balance columns in diff display evenly
 * Right-align diff line numbers in RTL language display
 * (bug 9332) Fix instructions in tests/README
+* (bug 9813) Reject usernames containing '#' to avoid silent truncation
+  of fragments during the normalisation process
 
 == MediaWiki API changes since 1.10 ==
 
diff --git a/includes/User.php b/includes/User.php
index 33cb9a6bc0..f60c4298c6 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -531,6 +531,12 @@ class User {
 		global $wgContLang;
 		$name = $wgContLang->ucfirst( $name );
 
+		# Reject names containing '#'; these will be cleaned up
+		# with title normalisation, but then it's too late to
+		# check elsewhere
+		if( strpos( $name, '#' ) !== false )
+			return false;
+
 		# Clean up name according to title rules
 		$t = Title::newFromText( $name );
 		if( is_null( $t ) ) {