Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fix #767 by refusing to validate usernames containing whitespace.

Requests anywhere else for usernames containing whitespace are unlikely
now that this is fixed, and since they'll likely work anyway (as this
was previously) I don't think this matters much. There might be cause
for this to be in the parent class, but I think this will do for now.
  • Loading branch information...
commit adc695646f149abb7f1b6f4483d3a825a9b9e06d 1 parent 172a0bd
@PeterJCLaw authored
Showing with 4 additions and 0 deletions.
  1. +4 −0 include/auth/secure-token.php
View
4 include/auth/secure-token.php
@@ -52,6 +52,10 @@ private function generateToken($username, $password, $teams)
public function authUser($username, $password)
{
+ // NB: This is a bit hacky!
+ // Don't allow usernames with whitespace
+ if (preg_match('/\s/', $username) !== 0)
+ return false;
if (!$this->checkAuthentication($username, $password))
return false;
$this->user = $username;
Please sign in to comment.
Something went wrong with that request. Please try again.