Merge branch '3.2.x'

2025-06-07 20:08:53 +00:00 · 2019-04-07 10:35:38 +02:00 · 2019-04-07 10:35:38 +02:00 · 79f02da2c3
commit 79f02da2c3
parent 1cf0ecf14c 6f573f710d
3 changed files with 34 additions and 10 deletions
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@ -1718,16 +1718,20 @@ function phpbb_validate_timezone($timezone)
 	return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID';
 }

-/**
-* Check to see if the username has been taken, or if it is disallowed.
-* Also checks if it includes the " character, which we don't allow in usernames.
-* Used for registering, changing names, and posting anonymously with a username
-*
-* @param string $username The username to check
-* @param string $allowed_username An allowed username, default being $user->data['username']
-*
-* @return	mixed	Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
-*/
+/***
+ * Validate Username
+ *
+ * Check to see if the username has been taken, or if it is disallowed.
+ * Also checks if it includes the " character or the 4-bytes Unicode ones
+ * (aka emojis) which we don't allow in usernames.
+ * Used for registering, changing names, and posting anonymously with a username
+ *
+ * @param string	$username				The username to check
+ * @param string	$allowed_username		An allowed username, default being $user->data['username']
+ *
+ * @return mixed							Either false if validation succeeded or a string which will be
+ *											used as the error message (with the variable name appended)
+ */
 function validate_username($username, $allowed_username = false)
 {
 	global $config, $db, $user, $cache;
@ -1740,6 +1744,14 @@ function validate_username($username, $allowed_username = false)
 		return false;
 	}

+	// The very first check is for
+	// out-of-bounds characters that are currently
+	// not supported by utf8_bin in MySQL
+	if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username))
+	{
+		return 'INVALID_EMOJIS';
+	}
+
 	// ... fast checks first.
 	if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false || empty($clean_username))
 	{
--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@ -272,6 +272,7 @@ $lang = array_merge($lang, array(
 	'IMPORTANT_NEWS'			=> 'Important announcements',
 	'INVALID_USER_BIRTHDAY'			=> 'The entered birthday is not a valid date.',
 	'INVALID_CHARS_USERNAME'	=> 'The username contains forbidden characters.',
+	'INVALID_EMOJIS_USERNAME'	=> 'The username contains forbidden characters (Emoji).',
 	'INVALID_CHARS_NEW_PASSWORD'=> 'The password does not contain the required characters.',
 	'ITEMS_REQUIRED'			=> 'The items marked with * are required profile fields and need to be filled out.',

--- a/tests/functions/validate_username_test.php
+++ b/tests/functions/validate_username_test.php
@ -47,6 +47,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 				'foobar_letter_num'	=> array(),
 				'foobar_letter_num_sp'	=> array(),
 				'foobar_quot'		=> array('INVALID_CHARS'),
+				'foobar_emoji'		=> array('INVALID_EMOJIS'),
 				'barfoo_disallow'	=> array('USERNAME_DISALLOWED'),
 				'admin_taken'		=> array('USERNAME_TAKEN'),
 				'group_taken'		=> array('USERNAME_TAKEN'),
@ -60,6 +61,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 				'foobar_letter_num'	=> array(),
 				'foobar_letter_num_sp'	=> array('INVALID_CHARS'),
 				'foobar_quot'		=> array('INVALID_CHARS'),
+				'foobar_emoji'		=> array('INVALID_EMOJIS'),
 				'barfoo_disallow'	=> array('USERNAME_DISALLOWED'),
 				'admin_taken'		=> array('USERNAME_TAKEN'),
 				'group_taken'		=> array('INVALID_CHARS'),
@ -73,6 +75,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 				'foobar_letter_num'	=> array(),
 				'foobar_letter_num_sp'	=> array('INVALID_CHARS'),
 				'foobar_quot'		=> array('INVALID_CHARS'),
+				'foobar_emoji'		=> array('INVALID_EMOJIS'),
 				'barfoo_disallow'	=> array('USERNAME_DISALLOWED'),
 				'admin_taken'		=> array('USERNAME_TAKEN'),
 				'group_taken'		=> array('USERNAME_TAKEN'),
@ -86,6 +89,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 				'foobar_letter_num'	=> array(),
 				'foobar_letter_num_sp'	=> array('INVALID_CHARS'),
 				'foobar_quot'		=> array('INVALID_CHARS'),
+				'foobar_emoji'		=> array('INVALID_EMOJIS'),
 				'barfoo_disallow'	=> array('USERNAME_DISALLOWED'),
 				'admin_taken'		=> array('USERNAME_TAKEN'),
 				'group_taken'		=> array('INVALID_CHARS'),
@ -99,6 +103,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 				'foobar_letter_num'	=> array(),
 				'foobar_letter_num_sp'	=> array(),
 				'foobar_quot'		=> array('INVALID_CHARS'),
+				'foobar_emoji'		=> array('INVALID_EMOJIS'),
 				'barfoo_disallow'	=> array('USERNAME_DISALLOWED'),
 				'admin_taken'		=> array('USERNAME_TAKEN'),
 				'group_taken'		=> array('USERNAME_TAKEN'),
@ -112,6 +117,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 				'foobar_letter_num'	=> array(),
 				'foobar_letter_num_sp'	=> array('INVALID_CHARS'),
 				'foobar_quot'		=> array('INVALID_CHARS'),
+				'foobar_emoji'		=> array('INVALID_EMOJIS'),
 				'barfoo_disallow'	=> array('USERNAME_DISALLOWED'),
 				'admin_taken'		=> array('USERNAME_TAKEN'),
 				'group_taken'		=> array('USERNAME_TAKEN'),
@ -173,6 +179,11 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case
 				'"foobar"',
 				array('username'),
 			),
+			'foobar_emoji' => array(
+				$expected['foobar_emoji'],
+				'username😮',
+				array('username'),
+			),
 			'barfoo_disallow' => array(
 				$expected['barfoo_disallow'],
 				'barfoo',