Skip to content
Permalink
Browse files

Validate: disallow even more unusual/risky characters in names.

Also disallow a backslash by the regex, so stripslashes() becomes
obsolete.
  • Loading branch information...
Traumflug committed Apr 21, 2019
1 parent c733d53 commit 7ad147d991861e498e586f4dfc8ad1ff3cc114c0
Showing with 3 additions and 3 deletions.
  1. +3 −3 classes/Validate.php
@@ -240,14 +240,14 @@ public static function isImageSize($size)
*
* @since 1.0.0
* @version 1.0.0 Initial version
* @version 1.1.0 Don't accept 'http', 'www' or '/', do accept ','.
* @version 1.1.0 Accept ',', don't accept 'http', 'www' and some more
* unusual/risky characters.
*/
public static function isName($name)
{
$name = stripslashes($name);
return ! preg_match('/www|http/ui', $name)
&& preg_match(
Tools::cleanNonUnicodeSupport('/^[^0-9\/!<>;?()@"°{}_$%:]*$/u'),
Tools::cleanNonUnicodeSupport('/^[^0-9!\[\]<>;?=+()@#"°{}_$%:\/\\\*\^]*$/u'),
$name
);
}

0 comments on commit 7ad147d

Please sign in to comment.
You can’t perform that action at this time.