From: Paul S. O. <ps...@us...> - 2002-03-21 14:29:45
Update of /cvsroot/phpbb/phpBB2/includes In directory usw-pr-cvs1:/tmp/cvs-serv3454/includes Modified Files: functions_validate.php Log Message: Wasn't checking for wildcards in disallowed usernames during validation ... how we missed this for months is beyond me ... thanks to the anonymous bug track adder ... Index: functions_validate.php =================================================================== RCS file: /cvsroot/phpbb/phpBB2/includes/functions_validate.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -r1.4 -r1.5 *** functions_validate.php 18 Mar 2002 23:53:12 -0000 1.4 --- functions_validate.php 21 Mar 2002 14:29:42 -0000 1.5 *************** *** 59,69 **** $sql = "SELECT disallow_username ! FROM " . DISALLOW_TABLE . " ! WHERE disallow_username LIKE '$username'"; if ( $result = $db->sql_query($sql) ) { ! if ( $db->sql_fetchrow($result) ) { ! return array('error' => true, 'error_msg' => $lang['Username_disallowed']); } } --- 59,71 ---- $sql = "SELECT disallow_username ! FROM " . DISALLOW_TABLE; if ( $result = $db->sql_query($sql) ) { ! while( $row = $db->sql_fetchrow($result) ) { ! if ( preg_match("#\b(" . str_replace("\*", "\w*?", preg_quote($row['disallow_username'])) . ")\b#i", $username) ) ! { ! return array('error' => true, 'error_msg' => $lang['Username_disallowed']); ! } } } |
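Review bot: The new `preg_match` call escapes the disallowed entry with `preg_quote($row['disallow_username'])` but delimits the pattern with `#`, so on PHP versions whose `preg_quote()` does not escape `#` by default (before 7.3) an entry containing `#` ends the pattern early. `preg_match` then fails with a warning and returns false, and the username is accepted. Passing the delimiter closes that gap: `preg_quote($row['disallow_username'], '#')`. The `\b` anchors also mean that an entry beginning or ending with a non-word character (for example one wrapped in brackets) may never match, so a comment stating the intended wildcard and boundary semantics would help. The enclosing function starts and ends outside the hunk, so whether a failed `sql_query` should reject the name instead of falling through cannot be judged from here.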