Modified:
development/4.0/textpattern/include/txp_admin.php
development/4.0/textpattern/lib/constants.php
development/4.0/textpattern/lib/txplib_admin.php
Log:
fix [2971]: user name always limited to 64 bytes (not chars\!) upon
creation. The bytes vs chars issue is due to some txp_users tables a using
non-utf8 charset to store utf8 data. Check can be kept very simple, because
due to the rather high limit this will probably only trigger during hack
attempts.
Modified: development/4.0/textpattern/include/txp_admin.php
==============================================================================
--- development/4.0/textpattern/include/txp_admin.php (original)
+++ development/4.0/textpattern/include/txp_admin.php Sun Sep 14 12:45:07
2008
@@ -193,15 +193,8 @@
extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
$privs = assert_int($privs);
- if ($name && is_valid_email($email))
+ if ($name and strlen($name) <= 64 and is_valid_email($email))
{
- list($valid, $msg) = is_valid_username($name);
- if (!$valid)
- {
- admin($msg);
- return;
- }
-
$password = doSlash(generate_password(6));
$nonce = doSlash(md5(uniqid(mt_rand(), TRUE)));
Modified: development/4.0/textpattern/lib/constants.php
==============================================================================
--- development/4.0/textpattern/lib/constants.php (original)
+++ development/4.0/textpattern/lib/constants.php Sun Sep 14 12:45:07 2008
@@ -34,8 +34,6 @@
define('IS_FASTCGI', IS_CGI and empty($_SERVER['FCGI_ROLE']) and
empty($_ENV['FCGI_ROLE']) );
define('IS_APACHE', !IS_CGI and substr(PHP_SAPI, 0, 6) == 'apache' );
-define('USERNAME_MAX_LENGTH', 64); // set to field width of txp_users.name
-
error_reporting($old_level);
unset($old_level);
Modified: development/4.0/textpattern/lib/txplib_admin.php
==============================================================================
--- development/4.0/textpattern/lib/txplib_admin.php (original)
+++ development/4.0/textpattern/lib/txplib_admin.php Sun Sep 14 12:45:07
2008
@@ -126,20 +126,4 @@
return(gTxt('could_not_update_author').' '.htmlspecialchars($name));
}
}
-
-// -------------------------------------------------------------
-
- function is_valid_username($name)
- {
- $res = array(true, gTxt('ok'));
-
- // limit binary string length (mbstring.func_overload safe)
- $len = (function_exists('mb_strlen')) ? mb_strlen($name, 'ASCII') :
strlen($name);
- if ($len >= USERNAME_MAX_LENGTH)
- {
- $res = array(false, gTxt('username_too_long'));
- }
- return $res;
- }
-
?>