(courtesy of danii) username sanitization

Reviewed-on: #1
Toaster 2023-01-10 14:48:16 +01:00
commit a58d9c5f06
2 changed files with 3 additions and 1 deletions


@ -34,7 +34,8 @@ def logout():
def register():
error = None
if request.method == 'POST':
if (not uexist(request.form['username'])) and len(request.form['password']) >= 8 and request.form['username'].strip() != "":
if ((not uexist(request.form['username'])) and len(request.form['password']) >= 8
and request.form['username'].strip() != "" and not any(illegal_character in request.form['username'] for illegal_character in "%&.+?;")):
newuser(request.form['username'], request.form['password'])
return redirect('/login?success', 303)
elif len(request.form['password']) < 8:
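Review bot: The new username check in `register()` is a denylist of six characters (`%&.+?;`), so everything else still reaches `newuser()`: `/`, `#`, `<`, quotes, leading or interior whitespace, control characters and Unicode look-alikes. An allowlist with a length cap is easier to reason about, for example a module-level `USERNAME_RE = re.compile(r'[A-Za-z0-9_-]{1,32}')` and `USERNAME_RE.fullmatch(username)` in place of the `any(...)` clause; the exact set and limit are a project choice, and the rule text in the template hunk would change with it. The emptiness test runs on `.strip()` while the raw value is what is passed to `uexist()` and `newuser()`, so reading `username = request.form['username'].strip()` once and using it throughout would avoid names that differ only by surrounding whitespace. The error branches of `register()` continue past the hunk, so whether a name rejected by this clause gets a fitting message cannot be seen here.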


@ -17,6 +17,7 @@
<form action="/reg" method="POST">
<ul>
<li>Password must be at least 8 characters long.</li>
<li>Username must not contain any of the following characters: %&.+?;</li>
<li>Username may not contain offensive content.</li>
<li>Your username cannot be changed later.</li>
</ul>