From 60e6172bc9e52f1e6b4941811e2d6fd6050c1c6b Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 9 Mar 2010 14:15:55 -0800 Subject: [PATCH] Check for invalid and reserved usernames for the admin user at install time. --- install.php | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/install.php b/install.php index fbedbaf017..9a7e27fa2c 100644 --- a/install.php +++ b/install.php @@ -589,7 +589,7 @@ function handlePost() $sitename = $_POST['sitename']; $fancy = !empty($_POST['fancy']); - $adminNick = $_POST['admin_nickname']; + $adminNick = strtolower($_POST['admin_nickname']); $adminPass = $_POST['admin_password']; $adminPass2 = $_POST['admin_password2']; $adminEmail = $_POST['admin_email']; @@ -630,6 +630,19 @@ STR; updateStatus("No initial StatusNet user nickname specified.", true); $fail = true; } + if ($adminNick && !preg_match('/^[0-9a-z]{1,64}$/', $adminNick)) { + updateStatus('The user nickname "' . htmlspecialchars($adminNick) . + '" is invalid; should be plain letters and numbers no longer than 64 characters.', true); + $fail = true; + } + // @fixme hardcoded list; should use User::allowed_nickname() + // if/when it's safe to have loaded the infrastructure here + $blacklist = array('main', 'admin', 'twitter', 'settings', 'rsd.xml', 'favorited', 'featured', 'favoritedrss', 'featuredrss', 'rss', 'getfile', 'api', 'groups', 'group', 'peopletag', 'tag', 'user', 'message', 'conversation', 'bookmarklet', 'notice', 'attachment', 'search', 'index.php', 'doc', 'opensearch', 'robots.txt', 'xd_receiver.html', 'facebook'); + if (in_array($adminNick, $blacklist)) { + updateStatus('The user nickname "' . htmlspecialchars($adminNick) . + '" is reserved.', true); + $fail = true; + } if (empty($adminPass)) { updateStatus("No initial StatusNet user password specified.", true);