summaryrefslogtreecommitdiff
path: root/classes/User.php
diff options
context:
space:
mode:
authorCraig Andrews <candrews@integralblue.com>2009-09-18 17:53:06 -0400
committerCraig Andrews <candrews@integralblue.com>2009-09-18 17:53:06 -0400
commit15f9c80c28042a5f9d51ec8444e3c9c475360481 (patch)
treef2f91f0a2036dd3f0b322e2e420a808e9bc58b72 /classes/User.php
parent6af71f2cd2b2fcacb0f1eb2e0172a300802fe8bc (diff)
Blacklist all files and directories in the web root (INSTALLDIR). Much more elegant than manually keep tracking of these invalid usernames.
Diffstat (limited to 'classes/User.php')
-rw-r--r--classes/User.php14
1 files changed, 9 insertions, 5 deletions
diff --git a/classes/User.php b/classes/User.php
index 14d3cf54f..8386f1e18 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -120,11 +120,15 @@ class User extends Memcached_DataObject
function allowed_nickname($nickname)
{
// XXX: should already be validated for size, content, etc.
- static $blacklist = array('rss', 'xrds', 'doc', 'main',
- 'settings', 'notice', 'user',
- 'search', 'avatar', 'tag', 'tags',
- 'api', 'message', 'group', 'groups',
- 'local');
+
+ $blacklist = array();
+
+ //all directory and file names should be blacklisted
+ $d = dir(INSTALLDIR);
+ while (false !== ($entry = $d->read())) {
+ $blacklist[]=$entry;
+ }
+ $d->close();
$merged = array_merge($blacklist, common_config('nickname', 'blacklist'));
return !in_array($nickname, $merged);
}