makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/security/254] Disallow whitespace characters that might be invisible

Browse source 
SECURITY-254
This commit is contained in:
Marc Alexander 2021-05-24 17:08:28 +02:00
parent ed33f06235
commit f302440297
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
phpBB/includes/functions_user.php
View file

@ -1752,7 +1752,8 @@ function validate_username($username, $allowed_username = false, $allow_all_name
} }
// ... fast checks first. // ... fast checks first.
if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username)) if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username)
|| preg_match('/[\x{180E}\x{2005}-\x{200D}\x{202F}\x{205F}\x{2060}\x{FEFF}]/u', $username))
{ {
return 'INVALID_CHARS'; return 'INVALID_CHARS';
} }