Permalink
Browse files

Fix #767 by refusing to validate usernames containing whitespace.

Requests anywhere else for usernames containing whitespace are unlikely
now that this is fixed, and since they'll likely work anyway (as this
was previously) I don't think this matters much. There might be cause
for this to be in the parent class, but I think this will do for now.
  • Loading branch information...
PeterJCLaw committed Jul 18, 2011
1 parent 172a0bd commit adc695646f149abb7f1b6f4483d3a825a9b9e06d
Showing with 4 additions and 0 deletions.
  1. +4 −0 include/auth/secure-token.php
@@ -52,6 +52,10 @@ private function generateToken($username, $password, $teams)
public function authUser($username, $password)
{
+ // NB: This is a bit hacky!
+ // Don't allow usernames with whitespace
+ if (preg_match('/\s/', $username) !== 0)
+ return false;
if (!$this->checkAuthentication($username, $password))
return false;
$this->user = $username;

0 comments on commit adc6956

Please sign in to comment.