prevent users from registering with name that is not a valid wikifile
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Tue, 25 Apr 2006 05:53:22 +0000 (05:53 +0000)
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Tue, 25 Apr 2006 05:53:22 +0000 (05:53 +0000)
avoids XSS attacks and is generally a good limitation

IkiWiki/CGI.pm

index 36d0e60082896e81fb8a16908edc208f74362869..067886c70d49c1eed93865b8f867584a73a06605 100644 (file)
@@ -118,6 +118,7 @@ sub cgi_signin ($$) { #{{{
                                validate => sub {
                                        my $name=shift;
                                        length $name &&
                                validate => sub {
                                        my $name=shift;
                                        length $name &&
+                                       $name=~/$wiki_file_regexp/ &&
                                        ! userinfo_get($name, "regdate");
                                },
                        );
                                        ! userinfo_get($name, "regdate");
                                },
                        );