From 80e2f4f529cac935d69dfb42a5bfdef82aa00dad Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@pobox.com>
Date: Thu, 30 Dec 2010 17:11:16 -0800
Subject: [PATCH] Fix up edge case in nickname processing: overlong display
 forms should be rejected before normalization (storage of display forms will
 also have fields with limited length)

---
 lib/nickname.php       | 10 ++++++----
 tests/NicknameTest.php |  9 +++++++--
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/lib/nickname.php b/lib/nickname.php
index 562f1e2052..4d3795e392 100644
--- a/lib/nickname.php
+++ b/lib/nickname.php
@@ -103,15 +103,17 @@ class Nickname
      */
     public static function normalize($str)
     {
+        if (mb_strlen($str) > self::MAX_LEN) {
+            // Display forms must also fit!
+            throw new NicknameTooLongException();
+        }
+
         $str = trim($str);
         $str = str_replace('_', '', $str);
         $str = mb_strtolower($str);
 
-        $len = mb_strlen($str);
-        if ($len < 1) {
+        if (mb_strlen($str) < 1) {
             throw new NicknameEmptyException();
-        } else if ($len > self::MAX_LEN) {
-            throw new NicknameTooLongException();
         }
         if (!self::isCanonical($str)) {
             throw new NicknameInvalidException();
diff --git a/tests/NicknameTest.php b/tests/NicknameTest.php
index f49aeba602..66e883c049 100644
--- a/tests/NicknameTest.php
+++ b/tests/NicknameTest.php
@@ -33,9 +33,14 @@ class NicknameTest extends PHPUnit_Framework_TestCase
 
         if ($expected === false) {
             if ($expectedException) {
+                if ($exception) {
+                    $stuff = get_class($exception) . ': ' . $exception->getMessage();
+                } else {
+                    $stuff = var_export($exception, true);
+                }
                 $this->assertTrue($exception && $exception instanceof $expectedException,
                         "invalid input '$input' expected to fail with $expectedException, " .
-                        "got " . get_class($exception) . ': ' . $exception->getMessage());
+                        "got $stuff");
             } else {
                 $this->assertTrue($normalized == false,
                         "invalid input '$input' expected to fail");
@@ -104,7 +109,7 @@ class NicknameTest extends PHPUnit_Framework_TestCase
                      array('', false, 'NicknameEmptyException'),
                      array('___', false, 'NicknameEmptyException'),
                      array('eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee', 'eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee'), // 64 chars
-                     array('eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee_', 'eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee'), // the _ will be trimmed off, remaining valid
+                     array('eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee_', false, 'NicknameTooLongException'), // the _ is too long...
                      array('eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee', false, 'NicknameTooLongException'), // 65 chars -- too long
                      );
     }