author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-04-25 05:53:22 +0000 |
---|---|---|
committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-04-25 05:53:22 +0000 |
commit | bfa96ad2827ebae0d0288d201c1a730a8d7784e1 (patch) | |
tree | ccd078c5fe6fe186d79c9c7d47da38e953c71abd | |
parent | 2f241a35ceab49c5a9e666420a770ceb84b83412 (diff) |
prevent users from registering with name that is not a valid wikifile
avoids XSS attacks and is generally a good limitation
-rw-r--r-- | IkiWiki/CGI.pm | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm index 36d0e6008..067886c70 100644 --- a/IkiWiki/CGI.pm +++ b/IkiWiki/CGI.pm @@ -118,6 +118,7 @@ sub cgi_signin ($$) { #{{{ validate => sub { my $name=shift; length $name && + $name=~/$wiki_file_regexp/ && ! userinfo_get($name, "regdate"); }, ); |
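Review bot: the added check `$name=~/$wiki_file_regexp/` in the validate closure of cgi_signin only rejects bad names if $wiki_file_regexp is anchored at both ends, and its definition is not visible in this hunk. If the pattern is unanchored, a name that merely contains a run of valid characters somewhere would still pass, which would not deliver the XSS protection the commit message describes. Please confirm the anchoring where the regexp is defined, or make it explicit at this call site. Prefer \A and \z over ^ and $, since $ in Perl also matches before a trailing newline. A short comment on the new line saying it is the guard against markup in user names would also help, as the closure is otherwise uncommented.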