better nick validation, fixes #429

This commit is contained in:
msquare 2019-04-28 14:34:04 +02:00
parent 819677c902
commit 4f1cef546e
4 changed files with 31 additions and 13 deletions

View File

@ -112,11 +112,20 @@ function Users_by_angeltype($angeltype)
* Nick is trimmed. * Nick is trimmed.
* *
* @param string $nick * @param string $nick
* @return string * @return ValidationResult
*/ */
function User_validate_Nick($nick) function User_validate_Nick($nick)
{ {
return preg_replace('/([^\p{L}\p{N}\-_. ]+)/ui', '', trim($nick)); $nick = trim($nick);
if(strlen($nick) == 0 || strlen($nick) > 23) {
return new ValidationResult(false, $nick);
}
if(preg_match('/([^\p{L}\p{N}\-_. ]+)/ui', $nick)) {
return new ValidationResult(false, $nick);
}
return new ValidationResult(true, $nick);
} }
/** /**

View File

@ -261,7 +261,10 @@ function admin_user()
if ($user_source->settings->email_human) { if ($user_source->settings->email_human) {
$user_source->email = $request->postData('eemail'); $user_source->email = $request->postData('eemail');
} }
$user_source->name = User_validate_Nick($request->postData('eNick')); $nickValidation = User_validate_Nick($request->postData('eNick'));
if($nickValidation->isValid()) {
$user_source->name = $nickValidation->getValue();
}
$user_source->save(); $user_source->save();
$user_source->personalData->first_name = $request->postData('eVorname'); $user_source->personalData->first_name = $request->postData('eVorname');
$user_source->personalData->last_name = $request->postData('eName'); $user_source->personalData->last_name = $request->postData('eName');

View File

@ -83,18 +83,21 @@ function guest_register()
if ($request->hasPostData('submit')) { if ($request->hasPostData('submit')) {
$valid = true; $valid = true;
if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 1) { if ($request->has('nick')) {
$nick = User_validate_Nick($request->input('nick')); $nickValidation = User_validate_Nick($request->input('nick'));
$nick = $nickValidation->getValue();
if(!$nickValidation->isValid()) {
$valid = false;
$msg .= error(sprintf(__('Please enter a valid nick.') . ' ' . __('Use up to 23 letters, numbers, connecting punctuations or spaces for your nickname.'), $nick), true);
}
if (User::whereName($nick)->count() > 0) { if (User::whereName($nick)->count() > 0) {
$valid = false; $valid = false;
$msg .= error(sprintf(__('Your nick "%s" already exists.'), $nick), true); $msg .= error(sprintf(__('Your nick "%s" already exists.'), $nick), true);
} }
} else { } else {
$valid = false; $valid = false;
$msg .= error(sprintf( $msg .= error(__('Please enter a nickname.'), true);
__('Your nick "%s" is too short (min. 2 characters).'),
User_validate_Nick($request->input('nick'))
), true);
} }
if ($request->has('mail') && strlen(strip_request_item('mail')) > 0) { if ($request->has('mail') && strlen(strip_request_item('mail')) > 0) {
@ -283,7 +286,8 @@ function guest_register()
div('col-md-6', [ div('col-md-6', [
div('row', [ div('row', [
div('col-sm-4', [ div('col-sm-4', [
form_text('nick', __('Nick') . ' ' . entry_required(), $nick) form_text('nick', __('Nick') . ' ' . entry_required(), $nick),
form_info('', __('Use up to 23 letters, numbers, connecting punctuations or spaces for your nickname.'))
]), ]),
div('col-sm-8', [ div('col-sm-8', [
form_email('mail', __('E-Mail') . ' ' . entry_required(), $mail), form_email('mail', __('E-Mail') . ' ' . entry_required(), $mail),
@ -395,9 +399,10 @@ function guest_login()
$session->remove('uid'); $session->remove('uid');
if ($request->hasPostData('submit')) { if ($request->hasPostData('submit')) {
if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 0) { if ($request->has('nick') && !empty($request->input('nick'))) {
$nick = User_validate_Nick($request->input('nick')); $nickValidation = User_validate_Nick($request->input('nick'));
$login_user = User::whereName($nick)->first(); $nick = $nickValidation->getValue();
$login_user = User::whereName($nickValidation->getValue())->first();
if ($login_user) { if ($login_user) {
if ($request->has('password')) { if ($request->has('password')) {
if (!verify_password($request->postData('password'), $login_user->password, $login_user->id)) { if (!verify_password($request->postData('password'), $login_user->password, $login_user->id)) {

View File

@ -36,6 +36,7 @@ function User_settings_view(
form_info('', __('Here you can change your user details.')), form_info('', __('Here you can change your user details.')),
form_info(entry_required() . ' = ' . __('Entry required!')), form_info(entry_required() . ' = ' . __('Entry required!')),
form_text('nick', __('Nick'), $user_source->name, true), form_text('nick', __('Nick'), $user_source->name, true),
form_info('', __('Use up to 23 letters, numbers, connecting punctuations or spaces for your nickname.')),
form_text('lastname', __('Last name'), $personalData->last_name), form_text('lastname', __('Last name'), $personalData->last_name),
form_text('prename', __('First name'), $personalData->first_name), form_text('prename', __('First name'), $personalData->first_name),
$enable_planned_arrival ? form_date( $enable_planned_arrival ? form_date(