Check for invalid and reserved usernames for the admin user at install time.
This commit is contained in:
parent
2c6eb77045
commit
60e6172bc9
15
install.php
15
install.php
@ -589,7 +589,7 @@ function handlePost()
|
|||||||
$sitename = $_POST['sitename'];
|
$sitename = $_POST['sitename'];
|
||||||
$fancy = !empty($_POST['fancy']);
|
$fancy = !empty($_POST['fancy']);
|
||||||
|
|
||||||
$adminNick = $_POST['admin_nickname'];
|
$adminNick = strtolower($_POST['admin_nickname']);
|
||||||
$adminPass = $_POST['admin_password'];
|
$adminPass = $_POST['admin_password'];
|
||||||
$adminPass2 = $_POST['admin_password2'];
|
$adminPass2 = $_POST['admin_password2'];
|
||||||
$adminEmail = $_POST['admin_email'];
|
$adminEmail = $_POST['admin_email'];
|
||||||
@ -630,6 +630,19 @@ STR;
|
|||||||
updateStatus("No initial StatusNet user nickname specified.", true);
|
updateStatus("No initial StatusNet user nickname specified.", true);
|
||||||
$fail = true;
|
$fail = true;
|
||||||
}
|
}
|
||||||
|
if ($adminNick && !preg_match('/^[0-9a-z]{1,64}$/', $adminNick)) {
|
||||||
|
updateStatus('The user nickname "' . htmlspecialchars($adminNick) .
|
||||||
|
'" is invalid; should be plain letters and numbers no longer than 64 characters.', true);
|
||||||
|
$fail = true;
|
||||||
|
}
|
||||||
|
// @fixme hardcoded list; should use User::allowed_nickname()
|
||||||
|
// if/when it's safe to have loaded the infrastructure here
|
||||||
|
$blacklist = array('main', 'admin', 'twitter', 'settings', 'rsd.xml', 'favorited', 'featured', 'favoritedrss', 'featuredrss', 'rss', 'getfile', 'api', 'groups', 'group', 'peopletag', 'tag', 'user', 'message', 'conversation', 'bookmarklet', 'notice', 'attachment', 'search', 'index.php', 'doc', 'opensearch', 'robots.txt', 'xd_receiver.html', 'facebook');
|
||||||
|
if (in_array($adminNick, $blacklist)) {
|
||||||
|
updateStatus('The user nickname "' . htmlspecialchars($adminNick) .
|
||||||
|
'" is reserved.', true);
|
||||||
|
$fail = true;
|
||||||
|
}
|
||||||
|
|
||||||
if (empty($adminPass)) {
|
if (empty($adminPass)) {
|
||||||
updateStatus("No initial StatusNet user password specified.", true);
|
updateStatus("No initial StatusNet user password specified.", true);
|
||||||
|
Loading…
Reference in New Issue
Block a user