summaryrefslogtreecommitdiff
path: root/classes
diff options
context:
space:
mode:
authorCraig Andrews <candrews@integralblue.com>2009-11-02 15:18:04 -0500
committerCraig Andrews <candrews@integralblue.com>2009-11-02 15:18:56 -0500
commit15d0055c6f2e3b7007a82df40502e15cf5c32a13 (patch)
tree4855830c32fccc73b28672ebb1d61bd271399fc3 /classes
parent12eec0fea24ab71a4a374d06bdd8ce8fe0ebef98 (diff)
allowed_nickname blocks top level url router names
Diffstat (limited to 'classes')
-rw-r--r--classes/User.php13
1 files changed, 10 insertions, 3 deletions
diff --git a/classes/User.php b/classes/User.php
index 3fa9cc152..530ece1ba 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -118,7 +118,7 @@ class User extends Memcached_DataObject
{
// XXX: should already be validated for size, content, etc.
- $blacklist = array();
+ $blacklist = common_config('nickname', 'blacklist');
//all directory and file names should be blacklisted
$d = dir(INSTALLDIR);
@@ -126,8 +126,15 @@ class User extends Memcached_DataObject
$blacklist[]=$entry;
}
$d->close();
- $merged = array_merge($blacklist, common_config('nickname', 'blacklist'));
- return !in_array($nickname, $merged);
+
+ //all top level names in the router should be blacklisted
+ $router = Router::get();
+ foreach(array_keys($router->m->getPaths()) as $path){
+ if(preg_match('/^\/(.*?)[\/\?]/',$path,$matches)){
+ $blacklist[]=$matches[1];
+ }
+ }
+ return !in_array($nickname, $blacklist);
}
function getCurrentNotice($dt=null)