From 8aaf250314a900dc15764ff3405627a77395a5db Mon Sep 17 00:00:00 2001
From: "Paul S. Owen"
Date: Thu, 21 Mar 2002 14:29:42 +0000
Subject: [PATCH] Wasn't checking for wildcards in disallowed usernames during validation ... how we missed this for months is beyond me ... thanks to the anonymous bug track adder ...

git-svn-id: file:///svn/phpbb/trunk@2391 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/functions_validate.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/phpBB/includes/functions_validate.php b/phpBB/includes/functions_validate.php
index 1f70cf2e7e..c9c9724368 100644
--- a/phpBB/includes/functions_validate.php
+++ b/phpBB/includes/functions_validate.php
@@ -58,13 +58,15 @@ function validate_username($username)
 }
 $sql = "SELECT disallow_username
- FROM " . DISALLOW_TABLE . "
- WHERE disallow_username LIKE '$username'";
+ FROM " . DISALLOW_TABLE;
 if ( $result = $db->sql_query($sql) )
 {
- if ( $db->sql_fetchrow($result) )
+ while( $row = $db->sql_fetchrow($result) )
 {
- return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
+ if ( preg_match("#\b(" . str_replace("\*", "\w*?", preg_quote($row['disallow_username'])) . ")\b#i", $username) )
+ {
+ return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
+ }
 }
 }
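Review bot: The `preg_quote()` call in the added `preg_match` line is given no delimiter argument although the pattern is delimited with `#`. On PHP versions before 7.3 `#` is not in `preg_quote()`'s default escape set, so a disallow entry containing `#` ends the pattern early; `preg_match()` then returns false, the loop treats that as no match, and that entry never blocks a name. Passing the delimiter closes the gap: `preg_quote($row['disallow_username'], '#')`. Separately, the `\b…\b` pattern is unanchored, so an entry now matches as a word anywhere inside `$username` rather than against the whole name as the removed `LIKE` comparison appears to have done; if that is intended, a short comment above the loop saying so would help. `validate_username` starts and ends outside this hunk.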