archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Raise an error if a user tries to register with an excessively long username

Browse Source 
Summary: Fixes T2348. We should probably do some of this more broadly, but can tackle them one at a time as they arise, since many fields have no effective length limit.

Test Plan: {F54126}

Reviewers: btrahan, asherkin

Reviewed By: asherkin

CC: aran

Maniphest Tasks: T2348

Differential Revision: https://secure.phabricator.com/D6744
This commit is contained in:
epriestley
2013-08-13 14:37:23 -07:00
parent f852a09e1c
commit a530004ac7
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/applications/people/storage/PhabricatorUser.php
View File

@@ -9,6 +9,7 @@ final class PhabricatorUser
const SESSION_TABLE = 'phabricator_session'; const SESSION_TABLE = 'phabricator_session';
const NAMETOKEN_TABLE = 'user_nametoken'; const NAMETOKEN_TABLE = 'user_nametoken';
const MAXIMUM_USERNAME_LENGTH = 64;
protected $phid; protected $phid;
protected $userName; protected $userName;
@@ -689,8 +690,11 @@ EOBODY;
} }
public static function describeValidUsername() { public static function describeValidUsername() {
return 'Usernames must contain only numbers, letters, period, underscore '. return pht(
'and hyphen, and can not end with a period.'; 'Usernames must contain only numbers, letters, period, underscore and '.
'hyphen, and can not end with a period. They must have no more than %d '.
'characters.',
new PhutilNumber(self::MAXIMUM_USERNAME_LENGTH));
} }
public static function validateUsername($username) { public static function validateUsername($username) {
@@ -701,6 +705,10 @@ EOBODY;
// - Unit tests, obviously. // - Unit tests, obviously.
// - describeValidUsername() method, above. // - describeValidUsername() method, above.
if (strlen($username) > self::MAXIMUM_USERNAME_LENGTH) {
return false;
}
return (bool)preg_match('/^[a-zA-Z0-9._-]*[a-zA-Z0-9_-]$/', $username); return (bool)preg_match('/^[a-zA-Z0-9._-]*[a-zA-Z0-9_-]$/', $username);
} }