diff options
author | Craig Andrews <candrews@integralblue.com> | 2009-11-02 15:18:04 -0500 |
---|---|---|
committer | Craig Andrews <candrews@integralblue.com> | 2009-11-02 15:18:56 -0500 |
commit | 15d0055c6f2e3b7007a82df40502e15cf5c32a13 (patch) | |
tree | 4855830c32fccc73b28672ebb1d61bd271399fc3 /classes | |
parent | 12eec0fea24ab71a4a374d06bdd8ce8fe0ebef98 (diff) |
allowed_nickname blocks top level url router names
Diffstat (limited to 'classes')
-rw-r--r-- | classes/User.php | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/classes/User.php b/classes/User.php index 3fa9cc152..530ece1ba 100644 --- a/classes/User.php +++ b/classes/User.php @@ -118,7 +118,7 @@ class User extends Memcached_DataObject { // XXX: should already be validated for size, content, etc. - $blacklist = array(); + $blacklist = common_config('nickname', 'blacklist'); //all directory and file names should be blacklisted $d = dir(INSTALLDIR); @@ -126,8 +126,15 @@ class User extends Memcached_DataObject $blacklist[]=$entry; } $d->close(); - $merged = array_merge($blacklist, common_config('nickname', 'blacklist')); - return !in_array($nickname, $merged); + + //all top level names in the router should be blacklisted + $router = Router::get(); + foreach(array_keys($router->m->getPaths()) as $path){ + if(preg_match('/^\/(.*?)[\/\?]/',$path,$matches)){ + $blacklist[]=$matches[1]; + } + } + return !in_array($nickname, $blacklist); } function getCurrentNotice($dt=null) |