Disallow Registering with Reserved Characters

This commit is contained in:
Danii 2023-01-09 16:09:46 +01:00
parent 77ebc330cb
commit dc2c1be031
1 changed files with 2 additions and 1 deletions

View File

@ -34,7 +34,8 @@ def logout():
def register():
error = None
if request.method == 'POST':
if (not uexist(request.form['username'])) and len(request.form['password']) >= 8 and request.form['username'].strip() != "":
if ((not uexist(request.form['username'])) and len(request.form['password']) >= 8
and request.form['username'].strip() != "" and not any(illegal_character in request.form['username'] for illegal_character in "%&.+?;")):
newuser(request.form['username'], request.form['password'])
return redirect('/login?success', 303)
elif len(request.form['password']) < 8: