allowed_nickname blocks top level url router names

author: Craig Andrews <candrews@integralblue.com> 2009-11-02 15:18:04 -0500
committer: Craig Andrews <candrews@integralblue.com> 2009-11-02 15:18:56 -0500
commit: 15d0055c6f2e3b7007a82df40502e15cf5c32a13 (patch)
tree: 4855830c32fccc73b28672ebb1d61bd271399fc3 /classes/User.php
parent: 12eec0fea24ab71a4a374d06bdd8ce8fe0ebef98 (diff)
1 files changed, 10 insertions, 3 deletions
diff --git a/classes/User.php b/classes/User.php
index 3fa9cc152..530ece1ba 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -118,7 +118,7 @@ class User extends Memcached_DataObject
     {
         // XXX: should already be validated for size, content, etc.
 
-        $blacklist = array();
+        $blacklist = common_config('nickname', 'blacklist');
 
         //all directory and file names should be blacklisted
         $d = dir(INSTALLDIR);
@@ -126,8 +126,15 @@ class User extends Memcached_DataObject
             $blacklist[]=$entry;
         }
         $d->close();
-        $merged = array_merge($blacklist, common_config('nickname', 'blacklist'));
-        return !in_array($nickname, $merged);
+
+        //all top level names in the router should be blacklisted
+        $router = Router::get();
+        foreach(array_keys($router->m->getPaths()) as $path){
+            if(preg_match('/^\/(.*?)[\/\?]/',$path,$matches)){
+                $blacklist[]=$matches[1];
+            }
+        }
+        return !in_array($nickname, $blacklist);
     }
 
     function getCurrentNotice($dt=null)
author	Craig Andrews <candrews@integralblue.com>	2009-11-02 15:18:04 -0500
committer	Craig Andrews <candrews@integralblue.com>	2009-11-02 15:18:56 -0500
commit	15d0055c6f2e3b7007a82df40502e15cf5c32a13 (patch)
tree	4855830c32fccc73b28672ebb1d61bd271399fc3 /classes/User.php
parent	12eec0fea24ab71a4a374d06bdd8ce8fe0ebef98 (diff)