(courtesy of danii) username sanitization

Reviewed-on: #1
main
Toaster 2 months ago
commit a58d9c5f06

@ -34,7 +34,8 @@ def logout():
def register():
error = None
if request.method == 'POST':
if (not uexist(request.form['username'])) and len(request.form['password']) >= 8 and request.form['username'].strip() != "":
if ((not uexist(request.form['username'])) and len(request.form['password']) >= 8
and request.form['username'].strip() != "" and not any(illegal_character in request.form['username'] for illegal_character in "%&.+?;")):
newuser(request.form['username'], request.form['password'])
return redirect('/login?success', 303)
elif len(request.form['password']) < 8:

@ -17,6 +17,7 @@
<form action="/reg" method="POST">
<ul>
<li>Password must be at least 8 characters long.</li>
<li>Username must not contain any of the following characters: %&.+?;</li>
<li>Username may not contain offensive content.</li>
<li>Your username cannot be changed later.</li>
</ul>

Loading…
Cancel
Save