author | Craig Andrews <candrews@integralblue.com> | 2009-09-18 17:53:06 -0400 |
---|---|---|
committer | Craig Andrews <candrews@integralblue.com> | 2009-09-18 17:53:06 -0400 |
commit | 15f9c80c28042a5f9d51ec8444e3c9c475360481 (patch) | |
tree | f2f91f0a2036dd3f0b322e2e420a808e9bc58b72 /classes | |
parent | 6af71f2cd2b2fcacb0f1eb2e0172a300802fe8bc (diff) |
Blacklist all files and directories in the web root (INSTALLDIR). Much more elegant than manually keeping track of these invalid usernames.
Diffstat (limited to 'classes')
-rw-r--r-- | classes/User.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/classes/User.php b/classes/User.php
index 14d3cf54f..8386f1e18 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -120,11 +120,15 @@ class User extends Memcached_DataObject
 function allowed_nickname($nickname)
 {
 // XXX: should already be validated for size, content, etc.
- static $blacklist = array('rss', 'xrds', 'doc', 'main',
- 'settings', 'notice', 'user',
- 'search', 'avatar', 'tag', 'tags',
- 'api', 'message', 'group', 'groups',
- 'local');
+
+ $blacklist = array();
+
+ //all directory and file names should be blacklisted
+ $d = dir(INSTALLDIR);
+ while (false !== ($entry = $d->read())) {
+ $blacklist[]=$entry;
+ }
+ $d->close();
 $merged = array_merge($blacklist, common_config('nickname', 'blacklist'));
 return !in_array($nickname, $merged);
 } |
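Review bot: Starting from `$blacklist = array();` means the names the removed list reserved (`api`, `settings`, `notice`, `main`, …) are now refused only if an entry of that name exists in INSTALLDIR or the site's `nickname`/`blacklist` config repeats them; they look like URL route prefixes rather than files, so a nickname could presumably collide with one of those routes. Keep the old array as the initial value of `$blacklist` and append the directory entries to it. The loop also calls `$d->read()` without checking the result of `dir(INSTALLDIR)`, which is `false` on failure; adding `if ($d === false) { return false; }` refuses the nickname instead of ending in a fatal error. Directory entries keep their on-disk case, so `$blacklist[] = strtolower($entry);` would be safer if nicknames are lower-cased before this check (not visible here), and `in_array($nickname, $merged, true)` avoids loose comparison of numeric-looking strings.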