From 2ed5c42cdd8c74fbc48f7c91aaaaa78ae280ff43 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sat, 20 Oct 2018 16:32:59 -0400 Subject: [PATCH 1/5] Add system.username_min_length and system.username_max_length config keys --- config/config.ini.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/config/config.ini.php b/config/config.ini.php index ea3df52cb..05a8738e9 100644 --- a/config/config.ini.php +++ b/config/config.ini.php @@ -364,6 +364,18 @@ throttle_limit_month = 0 ; For instance if your URL is 'http://example.com/directory/subdirectory', set urlpath to 'directory/subdirectory'. urlpath = +; username_min_length (Integer) +; The minimum character length a username can be. +; This length is check once the username has been trimmed and multiple spaces have been collapsed into one. +; Minimum for this config value is 1. Maximum is 255; +username_min_length = 3 + +; username_max_length (Integer) +; The maximum character length a username can be. +; This length is check once the username has been trimmed and multiple spaces have been collapsed into one. +; Minimum for this config value is 1. Maximum is 255; +username_max_length = 48 + ; worker_cooldown (Integer) ; Cooldown period in seconds after each worker function call. worker_cooldown = 0 From d360bf926a5aea4461cdf79a0ab115159155138b Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sat, 20 Oct 2018 16:33:54 -0400 Subject: [PATCH 2/5] Use username_min/max_length config keys in Model\User::create --- src/Model/User.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/Model/User.php b/src/Model/User.php index 63aaa1e3d..71c1306b8 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -466,19 +466,23 @@ class User // collapse multiple spaces in name $username = preg_replace('/ +/', ' ', $username); - if (mb_strlen($username) > 48) { - throw new Exception(L10n::t('Please use a shorter name.')); + $username_min_length = max(1, min(255, intval(Config::get('system', 'username_min_length', 0)))); + $username_max_length = max(1, min(255, intval(Config::get('system', 'username_max_length', 0)))); + + if (mb_strlen($username) < $username_min_length) { + throw new Exception(L10n::tt('Username should be at least %s character.', 'Username should be at least %s character.', $username_min_length)); } - if (mb_strlen($username) < 3) { - throw new Exception(L10n::t('Name too short.')); + + if (mb_strlen($username) > $username_max_length) { + throw new Exception(L10n::tt('Username should be at most %s character.', 'Username should be at most %s characters.', $username_max_length)); } // So now we are just looking for a space in the full name. $loose_reg = Config::get('system', 'no_regfullname'); if (!$loose_reg) { $username = mb_convert_case($username, MB_CASE_TITLE, 'UTF-8'); - if (!strpos($username, ' ')) { - throw new Exception(L10n::t("That doesn't appear to be your full \x28First Last\x29 name.")); + if (strpos($username, ' ') === false) { + throw new Exception(L10n::t("That doesn't appear to be your full (First Last) name.")); } } From b08408c086b25e0ada4e07e4fc25b7ec25a860a1 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sun, 21 Oct 2018 08:28:24 -0400 Subject: [PATCH 3/5] Add safeguard for username_min|max_length mutual exclusion --- src/Model/User.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/Model/User.php b/src/Model/User.php index 71c1306b8..2fda6aac2 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -469,8 +469,15 @@ class User $username_min_length = max(1, min(255, intval(Config::get('system', 'username_min_length', 0)))); $username_max_length = max(1, min(255, intval(Config::get('system', 'username_max_length', 0)))); + if ($username_min_length > $username_max_length) { + logger(L10n::t('system.username_min_length (%s) and system.username_max_length (%s) are excluding each other, swapping values.', $username_min_length, $username_max_length), LOGGER_WARNING); + $tmp = $username_min_length; + $username_min_length = $username_max_length; + $username_max_length = $tmp; + } + if (mb_strlen($username) < $username_min_length) { - throw new Exception(L10n::tt('Username should be at least %s character.', 'Username should be at least %s character.', $username_min_length)); + throw new Exception(L10n::tt('Username should be at least %s character.', 'Username should be at least %s characters.', $username_min_length)); } if (mb_strlen($username) > $username_max_length) { From c1bca43feea8bbb16debdeeb9ece71d434556c6c Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sun, 21 Oct 2018 15:10:51 -0400 Subject: [PATCH 4/5] Changing default/max values for username_min/max_length - Restoring legacy default values (3 and 48 respectively) - Lowering the max value to 150 to take the full profile URL length into account --- config/config.ini.php | 4 ++-- src/Model/User.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/config.ini.php b/config/config.ini.php index 05a8738e9..8d1c66dbb 100644 --- a/config/config.ini.php +++ b/config/config.ini.php @@ -367,13 +367,13 @@ urlpath = ; username_min_length (Integer) ; The minimum character length a username can be. ; This length is check once the username has been trimmed and multiple spaces have been collapsed into one. -; Minimum for this config value is 1. Maximum is 255; +; Minimum for this config value is 1. Maximum is 150 as the resulting profile URL shouldn't be longer than 255 chars. username_min_length = 3 ; username_max_length (Integer) ; The maximum character length a username can be. ; This length is check once the username has been trimmed and multiple spaces have been collapsed into one. -; Minimum for this config value is 1. Maximum is 255; +; Minimum for this config value is 1. Maximum is 150 as the resulting profile URL shouldn't be longer than 255 chars. username_max_length = 48 ; worker_cooldown (Integer) diff --git a/src/Model/User.php b/src/Model/User.php index 2fda6aac2..4dcd50704 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -466,8 +466,8 @@ class User // collapse multiple spaces in name $username = preg_replace('/ +/', ' ', $username); - $username_min_length = max(1, min(255, intval(Config::get('system', 'username_min_length', 0)))); - $username_max_length = max(1, min(255, intval(Config::get('system', 'username_max_length', 0)))); + $username_min_length = max(1, min(150, intval(Config::get('system', 'username_min_length', 3)))); + $username_max_length = max(1, min(150, intval(Config::get('system', 'username_max_length', 48)))); if ($username_min_length > $username_max_length) { logger(L10n::t('system.username_min_length (%s) and system.username_max_length (%s) are excluding each other, swapping values.', $username_min_length, $username_max_length), LOGGER_WARNING); From 4ec56a097522fb16f5389c6a2df5a06ae250c23f Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sun, 21 Oct 2018 17:28:40 -0400 Subject: [PATCH 5/5] Sets maximum to 64 for username_min/max_length config keys --- config/config.ini.php | 4 ++-- src/Model/User.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/config.ini.php b/config/config.ini.php index 8d1c66dbb..fc9855cd6 100644 --- a/config/config.ini.php +++ b/config/config.ini.php @@ -367,13 +367,13 @@ urlpath = ; username_min_length (Integer) ; The minimum character length a username can be. ; This length is check once the username has been trimmed and multiple spaces have been collapsed into one. -; Minimum for this config value is 1. Maximum is 150 as the resulting profile URL shouldn't be longer than 255 chars. +; Minimum for this config value is 1. Maximum is 64 as the resulting profile URL mustn't be longer than 255 chars. username_min_length = 3 ; username_max_length (Integer) ; The maximum character length a username can be. ; This length is check once the username has been trimmed and multiple spaces have been collapsed into one. -; Minimum for this config value is 1. Maximum is 150 as the resulting profile URL shouldn't be longer than 255 chars. +; Minimum for this config value is 1. Maximum is 64 as the resulting profile URL mustn't be longer than 255 chars. username_max_length = 48 ; worker_cooldown (Integer) diff --git a/src/Model/User.php b/src/Model/User.php index 4dcd50704..bca3e73f5 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -466,8 +466,8 @@ class User // collapse multiple spaces in name $username = preg_replace('/ +/', ' ', $username); - $username_min_length = max(1, min(150, intval(Config::get('system', 'username_min_length', 3)))); - $username_max_length = max(1, min(150, intval(Config::get('system', 'username_max_length', 48)))); + $username_min_length = max(1, min(64, intval(Config::get('system', 'username_min_length', 3)))); + $username_max_length = max(1, min(64, intval(Config::get('system', 'username_max_length', 48)))); if ($username_min_length > $username_max_length) { logger(L10n::t('system.username_min_length (%s) and system.username_max_length (%s) are excluding each other, swapping values.', $username_min_length, $username_max_length), LOGGER_WARNING);