Blacklist all files and directories in the web root (INSTALLDIR). Much more elegant than manually keep tracking of these invalid usernames.

author: Craig Andrews <candrews@integralblue.com> 2009-09-18 17:53:06 -0400
committer: Craig Andrews <candrews@integralblue.com> 2009-09-18 17:53:06 -0400
commit: 15f9c80c28042a5f9d51ec8444e3c9c475360481 (patch)
tree: f2f91f0a2036dd3f0b322e2e420a808e9bc58b72
parent: 6af71f2cd2b2fcacb0f1eb2e0172a300802fe8bc (diff)
1 files changed, 9 insertions, 5 deletions
diff --git a/classes/User.php b/classes/User.php
index 14d3cf54f..8386f1e18 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -120,11 +120,15 @@ class User extends Memcached_DataObject
     function allowed_nickname($nickname)
     {
         // XXX: should already be validated for size, content, etc.
-        static $blacklist = array('rss', 'xrds', 'doc', 'main',
-                                  'settings', 'notice', 'user',
-                                  'search', 'avatar', 'tag', 'tags',
-                                  'api', 'message', 'group', 'groups',
-                                  'local');
+
+        $blacklist = array();
+
+        //all directory and file names should be blacklisted
+        $d = dir(INSTALLDIR);
+        while (false !== ($entry = $d->read())) {
+            $blacklist[]=$entry;
+        }
+        $d->close();
         $merged = array_merge($blacklist, common_config('nickname', 'blacklist'));
         return !in_array($nickname, $merged);
     }
author	Craig Andrews <candrews@integralblue.com>	2009-09-18 17:53:06 -0400
committer	Craig Andrews <candrews@integralblue.com>	2009-09-18 17:53:06 -0400
commit	15f9c80c28042a5f9d51ec8444e3c9c475360481 (patch)
tree	f2f91f0a2036dd3f0b322e2e420a808e9bc58b72
parent	6af71f2cd2b2fcacb0f1eb2e0172a300802fe8bc (diff)