From 65df7f8752cdbc8d91769f55e199eb4f5ad3da8e Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski
Date: Sat, 19 Oct 2013 20:51:32 +0200
Subject: [PATCH] Added upper limit for user and tag length
---
 config.ini | 1 +
 src/Models/Model_Post.php | 7 +++++++
 src/Models/Model_User.php | 4 ++++
 3 files changed, 12 insertions(+)
diff --git a/config.ini b/config.ini
index dca175ab..cc6d3ffe 100644
--- a/config.ini
+++ b/config.ini
@@ -30,6 +30,7 @@ staffActivation = 0
 passMinLength = 5
 passRegex = "/^.+$/"
 userNameMinLength = 3
+userNameMaxLength = 20
 userNameRegex = "/^[\w_-]+$/ui"
 salt = "1A2/$_4xVa"
diff --git a/src/Models/Model_Post.php b/src/Models/Model_Post.php
index 5e15d8f9..0d57276a 100644
--- a/src/Models/Model_Post.php
+++ b/src/Models/Model_Post.php
@@ -32,6 +32,13 @@ class Model_Post extends RedBean_SimpleModel
 {
 $tag = trim($tag);
+ $minLength = 1;
+ $maxLength = 64;
+ if (strlen($tag) < $minLength)
+ throw new SimpleException('Tag must have at least ' . $minLength . ' characters');
+ if (strlen($tag) > $maxLength)
+ throw new SimpleException('Tag must have at most ' . $maxLength . ' characters');
+
 if (!preg_match('/^[a-zA-Z0-9_-]+$/i', $tag))
 throw new SimpleException('Invalid tag "' . $tag . '"');
diff --git a/src/Models/Model_User.php b/src/Models/Model_User.php
index dcba3f7b..119d6e7a 100644
--- a/src/Models/Model_User.php
+++ b/src/Models/Model_User.php
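Review bot: In the Model_Post.php hunk the tag bounds are bare literals set inside the method (`$minLength = 1;` / `$maxLength = 64;`), while the user-name bounds added by the same commit are read from config.ini, so the two input limits are maintained in different places. Declaring them once, for example as class constants `const TAG_MIN_LENGTH = 1;` and `const TAG_MAX_LENGTH = 64;`, or as config keys next to `userNameMaxLength`, would let any other code that validates tags reuse the same numbers. Nothing visible here shows the width of the column that stores tag names, so it is worth confirming that 64 does not exceed it. The enclosing method starts and ends outside the hunk.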
@@ -77,11 +77,15 @@ class Model_User extends RedBean_SimpleModel
 }
 $userNameMinLength = intval(\Chibi\Registry::getConfig()->registration->userNameMinLength);
+ $userNameMaxLength = intval(\Chibi\Registry::getConfig()->registration->userNameMaxLength);
 $userNameRegex = \Chibi\Registry::getConfig()->registration->userNameRegex;
 if (strlen($userName) < $userNameMinLength)
 throw new SimpleException(sprintf('User name must have at least %d characters', $userNameMinLength));
+ if (strlen($userName) > $userNameMaxLength)
+ throw new SimpleException(sprintf('User name must have at most %d characters', $userNameMaxLength));
+
 if (!preg_match($userNameRegex, $userName))
 throw new SimpleException('User name contains invalid characters');
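Review bot: The new upper bound `strlen($userName) > $userNameMaxLength` counts bytes, but the shipped `userNameRegex` (`/^[\w_-]+$/ui`) carries the `u` flag and can admit multi-byte letters, so for such names the effective limit is lower than the configured 20 and the "characters" wording in the message is inaccurate. If the mbstring extension is available, `if (mb_strlen($userName, 'UTF-8') > $userNameMaxLength)` would make the check match the message, and the existing minimum check two lines above should change the same way. Separately, an installation whose config.ini predates this commit has no `userNameMaxLength`; if the registry yields null for a missing key, `intval()` returns 0 and every user name is rejected, so a guard such as `if ($userNameMaxLength > 0 && ...)` or a documented default is worth adding. The enclosing method starts and ends outside the hunk.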