mirrors/mycorrhiza
1
0
Fork 0
mirror of https://github.com/osmarks/mycorrhiza.git synced 2025-04-26 04:23:10 +00:00
Code Issues Releases Wiki Activity

Auth: Do not load users with weird characters in names

Browse Source 
If they were registered in earlier versions, you should do something about it:

* Delete them manually.
* Workaround: register a new user to force user storage dump. You can delete them afterwards.
This commit is contained in:
Timur Ismagilov 2022-05-17 16:35:43 +03:00
parent c1ac0bbd16
commit 2e59f75647
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
user/files.go
View File

@ -50,6 +50,9 @@ func usersFromFile() []*User {
func rememberUsers(userList []*User) { func rememberUsers(userList []*User) {
for _, user := range userList { for _, user := range userList {
if !IsValidUsername(user.Name) {
continue
}
users.Store(user.Name, user) users.Store(user.Name, user)
} }
} }

2
user/user.go
View File

@ -1,7 +1,6 @@
package user package user
import ( import (
"fmt"
"net/http" "net/http"
"strings" "strings"
"sync" "sync"
@ -136,7 +135,6 @@ func (user *User) ShowLockMaybe(w http.ResponseWriter, rq *http.Request) bool {
// IsValidUsername checks if the given username is valid. // IsValidUsername checks if the given username is valid.
func IsValidUsername(username string) bool { func IsValidUsername(username string) bool {
fmt.Println("Is", username, "ok")
for _, r := range username { for _, r := range username {
if strings.ContainsRune("?!:#@><*|\"'&%{}/", r) { if strings.ContainsRune("?!:#@><*|\"'&%{}/", r) {
return false return false