Blacklist all files and directories in the web root (INSTALLDIR). Much more elegant than manually keep tracking of these invalid usernames.
This commit is contained in:
parent
6af71f2cd2
commit
15f9c80c28
@ -120,11 +120,15 @@ class User extends Memcached_DataObject
|
||||
function allowed_nickname($nickname)
|
||||
{
|
||||
// XXX: should already be validated for size, content, etc.
|
||||
static $blacklist = array('rss', 'xrds', 'doc', 'main',
|
||||
'settings', 'notice', 'user',
|
||||
'search', 'avatar', 'tag', 'tags',
|
||||
'api', 'message', 'group', 'groups',
|
||||
'local');
|
||||
|
||||
$blacklist = array();
|
||||
|
||||
//all directory and file names should be blacklisted
|
||||
$d = dir(INSTALLDIR);
|
||||
while (false !== ($entry = $d->read())) {
|
||||
$blacklist[]=$entry;
|
||||
}
|
||||
$d->close();
|
||||
$merged = array_merge($blacklist, common_config('nickname', 'blacklist'));
|
||||
return !in_array($nickname, $merged);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user