From dc80ffdb40472fa9344765162c9d21d57f270de0 Mon Sep 17 00:00:00 2001 From: 3D-I Date: Sun, 31 Mar 2019 07:08:20 +0200 Subject: [PATCH 1/5] [ticket/16004] Add check-in for Emojis in Username PHPBB3-16004 --- phpBB/includes/functions_user.php | 7 +++++++ phpBB/language/en/ucp.php | 1 + 2 files changed, 8 insertions(+) diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index d019b867fa..5789981429 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1760,6 +1760,13 @@ function validate_username($username, $allowed_username = false) return 'USERNAME_TAKEN'; } + // Check for out-of-bounds characters that are currently + // not supported by utf8_bin in MySQL + if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username)) + { + return 'INVALID_EMOJIS_USERNAME'; + } + $sql = 'SELECT group_name FROM ' . GROUPS_TABLE . " WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'"; diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php index 5875099fb8..a4e834cb85 100644 --- a/phpBB/language/en/ucp.php +++ b/phpBB/language/en/ucp.php @@ -272,6 +272,7 @@ $lang = array_merge($lang, array( 'IMPORTANT_NEWS' => 'Important announcements', 'INVALID_USER_BIRTHDAY' => 'The entered birthday is not a valid date.', 'INVALID_CHARS_USERNAME' => 'The username contains forbidden characters.', + 'INVALID_EMOJIS_USERNAME' => 'The username contains forbidden characters (Emoji).', 'INVALID_CHARS_NEW_PASSWORD'=> 'The password does not contain the required characters.', 'ITEMS_REQUIRED' => 'The items marked with * are required profile fields and need to be filled out.', From 5bd2c067c5540bd68ae3d56c927c9ebb441243ac Mon Sep 17 00:00:00 2001 From: 3D-I Date: Sun, 31 Mar 2019 07:20:59 +0200 Subject: [PATCH 2/5] [ticket/16004] Move the check-in to a more appropriated place PHPBB3-16004 --- phpBB/includes/functions_user.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) 
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 5789981429..99d04d5b2a 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1709,6 +1709,14 @@ function validate_username($username, $allowed_username = false) return false; } + // The very first check is for + // out-of-bounds characters that are currently + // not supported by utf8_bin in MySQL + if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username)) + { + return 'INVALID_EMOJIS_USERNAME'; + } + // ... fast checks first. if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username)) { @@ -1760,13 +1768,6 @@ function validate_username($username, $allowed_username = false) return 'USERNAME_TAKEN'; } - // Check for out-of-bounds characters that are currently - // not supported by utf8_bin in MySQL - if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username)) - { - return 'INVALID_EMOJIS_USERNAME'; - } - $sql = 'SELECT group_name FROM ' . GROUPS_TABLE . " WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'"; From dc610b5508a33c2e8932f5d0624a1fa1db4ad732 Mon Sep 17 00:00:00 2001 From: 3D-I Date: Sun, 31 Mar 2019 07:25:27 +0200 Subject: [PATCH 3/5] [ticket/16004] Add a line of comment in the docblock PHPBB3-16004 --- phpBB/includes/functions_user.php | 1 + 1 file changed, 1 insertion(+) diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 99d04d5b2a..dbd260a4e9 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php 
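Review bot: In the check added at the top of validate_username, `preg_match()` with the `/u` modifier returns `false` rather than `0` when `$username` is not valid UTF-8 (PREG_BAD_UTF8_ERROR), and the bare `if (preg_match(...))` treats that exactly like "no match", so malformed input slips past this guard and on to the later checks. Unless a step not visible in this hunk already rejects malformed UTF-8 before this point, consider `if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username) !== 0)` so that a PCRE failure is rejected rather than silently ignored; if a different message is wanted for that case, test `=== false` separately and return `'INVALID_CHARS'`. validate_username begins and ends outside this hunk.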
@@ -1690,6 +1690,7 @@ function phpbb_validate_timezone($timezone) /** * Check to see if the username has been taken, or if it is disallowed. * Also checks if it includes the " character, which we don't allow in usernames. +* Also checks if it includes the 4-bytes Unicode characters (emojis), which we don't allow in usernames. * Used for registering, changing names, and posting anonymously with a username * * @param string $username The username to check From b89044888275dac3ad7b139d6e9dc27c59cb3135 Mon Sep 17 00:00:00 2001 From: 3D-I Date: Sun, 31 Mar 2019 07:34:27 +0200 Subject: [PATCH 4/5] [ticket/16004] Amend the whole docblock PHPBB3-16004 --- phpBB/includes/functions_user.php | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index dbd260a4e9..6ea615ee2f 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php 
@@ -1687,17 +1687,20 @@ function phpbb_validate_timezone($timezone) return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID'; } -/** -* Check to see if the username has been taken, or if it is disallowed. -* Also checks if it includes the " character, which we don't allow in usernames. -* Also checks if it includes the 4-bytes Unicode characters (emojis), which we don't allow in usernames. -* Used for registering, changing names, and posting anonymously with a username -* -* @param string $username The username to check -* @param string $allowed_username An allowed username, default being $user->data['username'] -* -* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) -*/ +/*** + * Validate Username + * + * Check to see if the username has been taken, or if it is disallowed. + * Also checks if it includes the " character or the 4-bytes Unicode ones + * (aka emojis) which we don't allow in usernames. + * Used for registering, changing names, and posting anonymously with a username + * + * @param string $username The username to check + * @param string $allowed_username An allowed username, default being $user->data['username'] + * + * @return mixed Either false if validation succeeded or a string which will be + * used as the error message (with the variable name appended) + */ function validate_username($username, $allowed_username = false) { global $config, $db, $user, $cache; @@ -1715,7 +1718,7 @@ function validate_username($username, $allowed_username = false) // not supported by utf8_bin in MySQL if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username)) { - return 'INVALID_EMOJIS_USERNAME'; + return 'INVALID_EMOJIS'; } // ... fast checks first. From 7160c67b2ca8fa1c819d5da3e629fb02621a7066 Mon Sep 17 00:00:00 2001 
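Review bot: The rewritten header comment opens with `/***`, which phpDocumentor and IDEs treat as a plain block comment — only `/**` starts a DocBlock — so the `@param`/`@return` tags carried over here stop being picked up; the opener should stay `/**`. The phrase "the 4-bytes Unicode ones (aka emojis)" also overstates what the regex rejects: `[\x{10000}-\x{10FFFF}]` matches every supplementary-plane code point (historic scripts, CJK Extension B, mathematical alphanumerics, …), of which emoji are only the common case. Suggested wording: `* Also rejects any character outside the Basic Multilingual Plane (4-byte UTF-8, e.g. most emoji),` followed by `* which the MySQL utf8 (utf8mb3) character set cannot store.` Switching the file's existing `*`-at-column-0 docblock style to ` * ` is unrelated to the ticket and could be dropped to keep the diff focused.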
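Review bot: The context comment above the changed `return` says these characters are "not supported by utf8_bin in MySQL", but utf8_bin is a collation; what caps code points at U+FFFF is the 3-byte utf8 (utf8mb3) character set of the column, so the comment points readers at the wrong knob. Suggest `// Reject characters outside the BMP (4-byte UTF-8): a MySQL utf8mb3 column cannot store them`; whether the username column actually uses utf8mb3 is inferred from the existing comment and should be confirmed against the schema. The renamed key relies on the caller appending `_USERNAME` (as the docblock states) to reach the `INVALID_EMOJIS_USERNAME` string added to ucp.php earlier in this series, which is consistent with how `INVALID_CHARS` is handled and with the test expectations.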
From: 3D-I Date: Mon, 1 Apr 2019 23:12:55 +0200 Subject: [PATCH 5/5] [ticket/16004] Add tests/functions/validate_username_test.php PHPBB3-16004 --- tests/functions/validate_username_test.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/functions/validate_username_test.php b/tests/functions/validate_username_test.php index d310f58036..cee5d38400 100644 --- a/tests/functions/validate_username_test.php +++ b/tests/functions/validate_username_test.php @@ -47,6 +47,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case 'foobar_letter_num' => array(), 'foobar_letter_num_sp' => array(), 'foobar_quot' => array('INVALID_CHARS'), + 'foobar_emoji' => array('INVALID_EMOJIS'), 'barfoo_disallow' => array('USERNAME_DISALLOWED'), 'admin_taken' => array('USERNAME_TAKEN'), 'group_taken' => array('USERNAME_TAKEN'), @@ -60,6 +61,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case 'foobar_letter_num' => array(), 'foobar_letter_num_sp' => array('INVALID_CHARS'), 'foobar_quot' => array('INVALID_CHARS'), + 'foobar_emoji' => array('INVALID_EMOJIS'), 'barfoo_disallow' => array('USERNAME_DISALLOWED'), 'admin_taken' => array('USERNAME_TAKEN'), 'group_taken' => array('INVALID_CHARS'), @@ -73,6 +75,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case 'foobar_letter_num' => array(), 'foobar_letter_num_sp' => array('INVALID_CHARS'), 'foobar_quot' => array('INVALID_CHARS'), + 'foobar_emoji' => array('INVALID_EMOJIS'), 'barfoo_disallow' => array('USERNAME_DISALLOWED'), 'admin_taken' => array('USERNAME_TAKEN'), 'group_taken' => array('USERNAME_TAKEN'), 
@@ -86,6 +89,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case 'foobar_letter_num' => array(), 'foobar_letter_num_sp' => array('INVALID_CHARS'), 'foobar_quot' => array('INVALID_CHARS'), + 'foobar_emoji' => array('INVALID_EMOJIS'), 'barfoo_disallow' => array('USERNAME_DISALLOWED'), 'admin_taken' => array('USERNAME_TAKEN'), 'group_taken' => array('INVALID_CHARS'), @@ -99,6 +103,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case 'foobar_letter_num' => array(), 'foobar_letter_num_sp' => array(), 'foobar_quot' => array('INVALID_CHARS'), + 'foobar_emoji' => array('INVALID_EMOJIS'), 'barfoo_disallow' => array('USERNAME_DISALLOWED'), 'admin_taken' => array('USERNAME_TAKEN'), 'group_taken' => array('USERNAME_TAKEN'), @@ -112,6 +117,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case 'foobar_letter_num' => array(), 'foobar_letter_num_sp' => array('INVALID_CHARS'), 'foobar_quot' => array('INVALID_CHARS'), + 'foobar_emoji' => array('INVALID_EMOJIS'), 'barfoo_disallow' => array('USERNAME_DISALLOWED'), 'admin_taken' => array('USERNAME_TAKEN'), 'group_taken' => array('USERNAME_TAKEN'), @@ -173,6 +179,11 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case '"foobar"', array('username'), ), + 'foobar_emoji' => array( + $expected['foobar_emoji'], + 'username😮', + array('username'), + ), 'barfoo_disallow' => array( $expected['barfoo_disallow'], 'barfoo',
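Review bot: The new `foobar_emoji` case exercises a single code point (U+1F62E) well inside the supplementary planes, so the lower edge of the `[\x{10000}-\x{10FFFF}]` range is untested and nothing shows that a 3-byte character is still let through by this particular check. One boundary case reusing the same expectation, e.g. `'foobar_4byte_min' => array($expected['foobar_emoji'], "username\xF0\x90\x80\x80", array('username')),` (U+10000 written as a byte escape, portable to every PHP version this branch supports), pins the range start. A BMP case such as U+FFFF would need its own per-mode expectations, because the later `allow_name_chars` checks may reject it with `INVALID_CHARS`, as the differing `foobar_letter_num_sp` rows already show. Embedding a literal emoji in the source also depends on the test file being read as UTF-8; a `"\xF0\x9F\x98\xAE"` escape avoids that dependency.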