From a530004ac7dbe49c454bbdc05a3ae240fb92e4a4 Mon Sep 17 00:00:00 2001
From: epriestley
Date: Tue, 13 Aug 2013 14:37:23 -0700
Subject: [PATCH] Raise an error if a user tries to register with an excessively long username
Summary: Fixes T2348. We should probably do some of this more broadly, but can tackle them one at a time as they arise, since many fields have no effective length limit.
Test Plan: {F54126}
Reviewers: btrahan, asherkin
Reviewed By: asherkin
CC: aran
Maniphest Tasks: T2348
Differential Revision: https://secure.phabricator.com/D6744
---
 src/applications/people/storage/PhabricatorUser.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/applications/people/storage/PhabricatorUser.php b/src/applications/people/storage/PhabricatorUser.php
index ab9f4d332f..2d31ec5fa3 100644
--- a/src/applications/people/storage/PhabricatorUser.php
+++ b/src/applications/people/storage/PhabricatorUser.php
@@ -9,6 +9,7 @@ final class PhabricatorUser
 const SESSION_TABLE = 'phabricator_session';
 const NAMETOKEN_TABLE = 'user_nametoken';
+ const MAXIMUM_USERNAME_LENGTH = 64;
 protected $phid;
 protected $userName;
@@ -689,8 +690,11 @@ EOBODY;
 }
 public static function describeValidUsername() {
- return 'Usernames must contain only numbers, letters, period, underscore '.
- 'and hyphen, and can not end with a period.';
+ return pht(
+ 'Usernames must contain only numbers, letters, period, underscore and '.
+ 'hyphen, and can not end with a period. They must have no more than %d '.
+ 'characters.',
+ new PhutilNumber(self::MAXIMUM_USERNAME_LENGTH));
 }
 public static function validateUsername($username) {
@@ -701,6 +705,10 @@ EOBODY;
 // - Unit tests, obviously.
 // - describeValidUsername() method, above.
+ if (strlen($username) > self::MAXIMUM_USERNAME_LENGTH) {
+ return false;
+ }
+
 return (bool)preg_match('/^[a-zA-Z0-9._-]*[a-zA-Z0-9_-]$/', $username);
 }
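Review bot: `MAXIMUM_USERNAME_LENGTH` is added in the first hunk with no comment saying what fixes the limit at 64 or which unit it counts. The check added to validateUsername() uses `strlen()`, so the limit is in bytes; if it is meant to mirror the width of the username column, which this patch does not show, the comment should say so. A line such as `// Longest username validateUsername() accepts, in bytes.` above the constant would cover it.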
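Review bot: The `$` anchor in the `preg_match()` pattern directly below the new length guard in the third hunk also matches before a final newline, so a constructed name such as "alice\n" still validates, and the guard counts that newline toward the 64 bytes. Anchoring the end with `\z` closes the gap: `return (bool)preg_match('/^[a-zA-Z0-9._-]*[a-zA-Z0-9_-]\z/', $username);`. The comment lines at the top of the hunk list unit tests among the things to keep in step with this method, and the diffstat shows a single file changed, so cases for a 64-byte and a 65-byte name appear to be missing. validateUsername() begins above this hunk, so the rest of its body is not visible here.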