authorEvan Prodromou <evan@status.net>2009-11-01 11:09:14 -0500
committerEvan Prodromou <evan@status.net>2009-11-01 11:09:14 -0500
commit66645282440d914c899ba63fffd1ee911c0f8879 (patch)
tree2e93a45865211688f300c40007dd502568b52a52
parent659da177ea017daaab137b7e608c6c0500c6d586 (diff)
Revert "Blacklist all files and directories in the web root (INSTALLDIR). Much more elegant than manually keep tracking of these invalid usernames."
This reverts commit 15f9c80c28042a5f9d51ec8444e3c9c475360481. So, so, elegant! And so, so, incorrect! We can't have a user named 'notice' because that would interfere with URLs like /notice/1234. However, there is no file named 'notice' in the Web root. If there were a way to automatically pull out the virtual paths in the root dir, this may make sense. Until then, we keep track here.
-rw-r--r--classes/User.php14
1 files changed, 5 insertions, 9 deletions
diff --git a/classes/User.php b/classes/User.php
index 007662131..7ab9f307a 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -120,15 +120,11 @@ class User extends Memcached_DataObject
function allowed_nickname($nickname)
{
// XXX: should already be validated for size, content, etc.
-
- $blacklist = array();
-
- //all directory and file names should be blacklisted
- $d = dir(INSTALLDIR);
- while (false !== ($entry = $d->read())) {
- $blacklist[]=$entry;
- }
- $d->close();
+ static $blacklist = array('rss', 'xrds', 'doc', 'main',
+ 'settings', 'notice', 'user',
+ 'search', 'avatar', 'tag', 'tags',
+ 'api', 'message', 'group', 'groups',
+ 'local');
$merged = array_merge($blacklist, common_config('nickname', 'blacklist'));
return !in_array($nickname, $merged);
}
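Review bot: The restored static `$blacklist` is now the only thing keeping a nickname from shadowing a routed path such as `/notice/1234`, but nothing in `allowed_nickname()` says the list has to track the router. A comment above it would help, e.g. `// Reserved top-level URL prefixes: add an entry here whenever a new root-level route is introduced.` The check `in_array($nickname, $merged)` is also loose and exact-case, so it depends on the caller having already normalised the nickname (the XXX comment implies this, but it is not visible here) and on every `common_config('nickname', 'blacklist')` entry being a string. `return !in_array($nickname, $merged, true);` would remove the type-juggling dependency. Names of real files and directories under INSTALLDIR that are not in the list are no longer rejected after this revert, so it may be worth confirming none of them can collide with a profile URL.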