Merge branch 'ticket/security/254' into prep-release-3.3.5

2025-06-28 06:08:52 +00:00 · 2021-10-01 22:35:54 +02:00 · 2021-10-01 22:35:54 +02:00 · 5b3d238804
commit 5b3d238804
parent 51cc7202f8 b82d90eb39
2 changed files with 13 additions and 1 deletions
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@ -1752,7 +1752,8 @@ function validate_username($username, $allowed_username = false, $allow_all_name
 	}
 	// ... fast checks first.
-	if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false || empty($clean_username))
+	if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false || empty($clean_username)
 		|| preg_match('/[\x{180E}\x{2005}-\x{200D}\x{202F}\x{205F}\x{2060}\x{FEFF}]/u', $username))
 	{
 		return 'INVALID_CHARS';
 	}
--- a/tests/functions/validate_username_test.php
+++ b/tests/functions/validate_username_test.php
@ -51,6 +51,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 				'barfoo_disallow'	=> array('USERNAME_DISALLOWED'),
 				'admin_taken'		=> array('USERNAME_TAKEN'),
 				'group_taken'		=> array('USERNAME_TAKEN'),
 				'a d m i n i ᠎strator' => array('INVALID_CHARS'),
 			)),
 			array('USERNAME_ALPHA_ONLY', array(
 				'foobar_allow'		=> array(),
@ -65,6 +66,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 				'barfoo_disallow'	=> array('USERNAME_DISALLOWED'),
 				'admin_taken'		=> array('USERNAME_TAKEN'),
 				'group_taken'		=> array('INVALID_CHARS'),
 				'a d m i n i ᠎strator' => array('INVALID_CHARS'),
 			)),
 			array('USERNAME_ALPHA_SPACERS', array(
 				'foobar_allow'		=> array(),
@ -79,6 +81,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 				'barfoo_disallow'	=> array('USERNAME_DISALLOWED'),
 				'admin_taken'		=> array('USERNAME_TAKEN'),
 				'group_taken'		=> array('USERNAME_TAKEN'),
 				'a d m i n i ᠎strator' => array('INVALID_CHARS'),
 			)),
 			array('USERNAME_LETTER_NUM', array(
 				'foobar_allow'		=> array(),
@ -93,6 +96,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 				'barfoo_disallow'	=> array('USERNAME_DISALLOWED'),
 				'admin_taken'		=> array('USERNAME_TAKEN'),
 				'group_taken'		=> array('INVALID_CHARS'),
 				'a d m i n i ᠎strator' => array('INVALID_CHARS'),
 			)),
 			array('USERNAME_LETTER_NUM_SPACERS', array(
 				'foobar_allow'		=> array(),
@ -107,6 +111,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 				'barfoo_disallow'	=> array('USERNAME_DISALLOWED'),
 				'admin_taken'		=> array('USERNAME_TAKEN'),
 				'group_taken'		=> array('USERNAME_TAKEN'),
 				'a d m i n i ᠎strator' => array('INVALID_CHARS'),
 			)),
 			array('USERNAME_ASCII', array(
 				'foobar_allow'		=> array(),
@ -121,6 +126,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 				'barfoo_disallow'	=> array('USERNAME_DISALLOWED'),
 				'admin_taken'		=> array('USERNAME_TAKEN'),
 				'group_taken'		=> array('USERNAME_TAKEN'),
 				'a d m i n i ᠎strator' => array('INVALID_CHARS'),
 			)),
 		);
 	}
@ -201,6 +207,11 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 				'foobar_group',
 				array('username'),
 			),
 			'a d m i n i ᠎strator' => array(
 				$expected['a d m i n i ᠎strator'],
 				'a d m i n i ᠎strator',
 				array('username'),
 			),
 		));
 	}
 }