allowed_nickname blocks top level url router names
This commit is contained in:
		| @@ -118,7 +118,7 @@ class User extends Memcached_DataObject | |||||||
|     { |     { | ||||||
|         // XXX: should already be validated for size, content, etc. |         // XXX: should already be validated for size, content, etc. | ||||||
|  |  | ||||||
|         $blacklist = array(); |         $blacklist = common_config('nickname', 'blacklist'); | ||||||
|  |  | ||||||
|         //all directory and file names should be blacklisted |         //all directory and file names should be blacklisted | ||||||
|         $d = dir(INSTALLDIR); |         $d = dir(INSTALLDIR); | ||||||
| @@ -126,8 +126,15 @@ class User extends Memcached_DataObject | |||||||
|             $blacklist[]=$entry; |             $blacklist[]=$entry; | ||||||
|         } |         } | ||||||
|         $d->close(); |         $d->close(); | ||||||
|         $merged = array_merge($blacklist, common_config('nickname', 'blacklist')); |  | ||||||
|         return !in_array($nickname, $merged); |         //all top level names in the router should be blacklisted | ||||||
|  |         $router = Router::get(); | ||||||
|  |         foreach(array_keys($router->m->getPaths()) as $path){ | ||||||
|  |             if(preg_match('/^\/(.*?)[\/\?]/',$path,$matches)){ | ||||||
|  |                 $blacklist[]=$matches[1]; | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |         return !in_array($nickname, $blacklist); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     function getCurrentNotice($dt=null) |     function getCurrentNotice($dt=null) | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user