From fe9a23f542bc56c1c0b6dc30257418e38ff7bd3a Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Sat, 08 Jun 2013 18:57:40 -0400
Subject: [PATCH] - Fixed FS#2936 - Please check and limit username input length.

---
 interface/web/sites/lib/lang/de_shell_user.lng |    2 ++
 interface/web/sites/shell_user_edit.php        |    8 ++++++--
 interface/web/sites/form/shell_user.tform.php  |    2 +-
 interface/web/sites/lib/lang/en_shell_user.lng |    2 ++
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/interface/web/sites/form/shell_user.tform.php b/interface/web/sites/form/shell_user.tform.php
index d698a7a..61d92b3 100644
--- a/interface/web/sites/form/shell_user.tform.php
+++ b/interface/web/sites/form/shell_user.tform.php
@@ -91,7 +91,7 @@
 			'validators'	=> array ( 	0 => array (	'type'	=> 'UNIQUE',
 														'errmsg'=> 'username_error_unique'),
 										1 => array (	'type'	=> 'REGEX',
-														'regex' => '/^[\w\.\-]{0,64}$/',
+														'regex' => '/^[\w\.\-]{0,32}$/',
 														'errmsg'=> 'username_error_regex'),
 									),
 			'default'	=> '',
diff --git a/interface/web/sites/lib/lang/de_shell_user.lng b/interface/web/sites/lib/lang/de_shell_user.lng
index 20d82cc..9de369f 100644
--- a/interface/web/sites/lib/lang/de_shell_user.lng
+++ b/interface/web/sites/lib/lang/de_shell_user.lng
@@ -26,4 +26,6 @@
 $wb['repeat_password_txt'] = 'Passwort wiederholen';
 $wb['password_mismatch_txt'] = 'Die Passwörter stimmen nicht überein.';
 $wb['password_match_txt'] = 'Die Passwörter stimmen überein.';
+$wb['username_must_not_exceed_32_chars_txt'] = 'Der Benutzername darf 32 Zeichen nicht überschreiten.';
+$wb['username_not_allowed_txt'] = 'Der Benutzername ist nicht erlaubt.';
 ?>
diff --git a/interface/web/sites/lib/lang/en_shell_user.lng b/interface/web/sites/lib/lang/en_shell_user.lng
index ef0aba0..c15d1b5 100644
--- a/interface/web/sites/lib/lang/en_shell_user.lng
+++ b/interface/web/sites/lib/lang/en_shell_user.lng
@@ -26,4 +26,6 @@
 $wb['repeat_password_txt'] = 'Repeat Password';
 $wb['password_mismatch_txt'] = 'The passwords do not match.';
 $wb['password_match_txt'] = 'The passwords do match.';
+$wb['username_must_not_exceed_32_chars_txt'] = 'The username must not exceed 32 characters.';
+$wb['username_not_allowed_txt'] = 'The username is not allowed.';
 ?>
diff --git a/interface/web/sites/shell_user_edit.php b/interface/web/sites/shell_user_edit.php
index 6939d4a..b14963a 100644
--- a/interface/web/sites/shell_user_edit.php
+++ b/interface/web/sites/shell_user_edit.php
@@ -121,7 +121,7 @@
 		$blacklist = file(ISPC_LIB_PATH.'/shelluser_blacklist');
 		foreach($blacklist as $line) {
 			if(strtolower(trim($line)) == strtolower(trim($this->dataRecord['username']))){
-				$app->tform->errorMessage .= 'The username is not allowed.';
+				$app->tform->errorMessage .= $app->tform->lng('username_not_allowed_txt');
 			}
 		}
 		unset($blacklist);
@@ -138,6 +138,8 @@
             $this->dataRecord['username_prefix'] = $shelluser_prefix;
 			/* restrict the names */
 			$this->dataRecord['username'] = $shelluser_prefix . $this->dataRecord['username'];
+			
+			if(strlen($this->dataRecord['username']) > 32) $app->tform->errorMessage .= $app->tform->lng("username_must_not_exceed_32_chars_txt");
 		}
 		parent::onBeforeInsert();
 	}
@@ -166,7 +168,7 @@
 		$blacklist = file(ISPC_LIB_PATH.'/shelluser_blacklist');
 		foreach($blacklist as $line) {
 			if(strtolower(trim($line)) == strtolower(trim($this->dataRecord['username']))){
-				$app->tform->errorMessage .= 'The username is not allowed.';
+				$app->tform->errorMessage .= $app->tform->lng('username_not_allowed_txt');
 			}
 		}
 		unset($blacklist);
@@ -188,6 +190,8 @@
             
 			/* restrict the names */
 			$this->dataRecord['username'] = $shelluser_prefix . $this->dataRecord['username'];
+			
+			if(strlen($this->dataRecord['username']) > 32) $app->tform->errorMessage .= $app->tform->lng("username_must_not_exceed_32_chars_txt");
 		}
 	}
 	

--
Gitblit v1.9.1