From 15d0055c6f2e3b7007a82df40502e15cf5c32a13 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Mon, 2 Nov 2009 15:18:04 -0500 Subject: [PATCH] allowed_nickname blocks top level url router names --- classes/User.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/classes/User.php b/classes/User.php index 3fa9cc1526..530ece1ba4 100644 --- a/classes/User.php +++ b/classes/User.php @@ -118,7 +118,7 @@ class User extends Memcached_DataObject { // XXX: should already be validated for size, content, etc. - $blacklist = array(); + $blacklist = common_config('nickname', 'blacklist'); //all directory and file names should be blacklisted $d = dir(INSTALLDIR); @@ -126,8 +126,15 @@ class User extends Memcached_DataObject $blacklist[]=$entry; } $d->close(); - $merged = array_merge($blacklist, common_config('nickname', 'blacklist')); - return !in_array($nickname, $merged); + + //all top level names in the router should be blacklisted + $router = Router::get(); + foreach(array_keys($router->m->getPaths()) as $path){ + if(preg_match('/^\/(.*?)[\/\?]/',$path,$matches)){ + $blacklist[]=$matches[1]; + } + } + return !in_array($nickname, $blacklist); } function getCurrentNotice($dt=null)