Skip to content
Browse files

Fix #767 by refusing to validate usernames containing whitespace.

Requests anywhere else for usernames containing whitespace are unlikely
now that this is fixed, and since they'll likely work anyway (as this
was previously) I don't think this matters much. There might be cause
for this to be in the parent class, but I think this will do for now.
  • Loading branch information...
1 parent 172a0bd commit adc695646f149abb7f1b6f4483d3a825a9b9e06d @PeterJCLaw committed
Showing with 4 additions and 0 deletions.
  1. +4 −0 include/auth/secure-token.php
View
4 include/auth/secure-token.php
@@ -52,6 +52,10 @@ private function generateToken($username, $password, $teams)
public function authUser($username, $password)
{
+ // NB: This is a bit hacky!
+ // Don't allow usernames with whitespace
+ if (preg_match('/\s/', $username) !== 0)
+ return false;
if (!$this->checkAuthentication($username, $password))
return false;
$this->user = $username;

0 comments on commit adc6956

Please sign in to comment.
Something went wrong with that request. Please try again.