From 0c444bfb9b1ae8b43a27973d8893693b5c40ac21 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Mon, 9 Apr 2012 14:02:21 +0200 Subject: user/register: restrict username to a-z0-9 Signed-off-by: Florian Pritz --- application/controllers/user.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'application') diff --git a/application/controllers/user.php b/application/controllers/user.php index 67c3ccbb7..06ecc50dd 100644 --- a/application/controllers/user.php +++ b/application/controllers/user.php @@ -137,8 +137,8 @@ class User extends CI_Controller { $password = $this->input->post("password"); $password_confirm = $this->input->post("password_confirm"); - if (!$username) { - $error[]= "Invalid username."; + if (!$username || !preg_match("/^[a-z0-9]+$/", $username)) { + $error[]= "Invalid username (only a-z0-9 are allowed)."; } $this->load->helper("email"); -- cgit v1.2.3-24-g4f1b