revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-12 08:36:13 +01:00
Code Issues Releases Wiki Activity

Account registration: Restrict Real Name length

Browse source 
Summary:
Avoid a database exception at user account registration when users enter very long real names by setting a maximum length.
This does not affect existing account data as it is only called in the account registration code.

Fixes T15962

Test Plan: Go to http://phorge.localhost/auth/register/ and enter long values into the "Real Name" field

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: l2dy, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15962

Differential Revision: https://we.phorge.it/D25841
This commit is contained in:
Andre Klapper 2024-11-29 15:20:29 +01:00
parent 0bfdcaa005
commit eb380f922c
2 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/applications/auth/controller/PhabricatorAuthRegisterController.php
View file

@ -342,6 +342,10 @@ final class PhabricatorAuthRegisterController
if (!strlen($value_realname) && $require_real_name) { if (!strlen($value_realname) && $require_real_name) {
$e_realname = pht('Required'); $e_realname = pht('Required');
$errors[] = pht('Real name is required.'); $errors[] = pht('Real name is required.');
} else if ($value_realname &&
!PhabricatorUser::validateRealName($value_realname)) {
$e_realname = pht('Invalid');
$errors[] = PhabricatorUser::describeValidRealName();
} else { } else {
$e_realname = null; $e_realname = null;
} }

11
src/applications/people/storage/PhabricatorUser.php
View file

@ -26,6 +26,7 @@ final class PhabricatorUser
const SESSION_TABLE = 'phabricator_session'; const SESSION_TABLE = 'phabricator_session';
const NAMETOKEN_TABLE = 'user_nametoken'; const NAMETOKEN_TABLE = 'user_nametoken';
const MAXIMUM_USERNAME_LENGTH = 64; const MAXIMUM_USERNAME_LENGTH = 64;
const MAXIMUM_REALNAME_LENGTH = 256;
protected $userName; protected $userName;
protected $realName; protected $realName;
@ -550,6 +551,16 @@ final class PhabricatorUser
return (bool)preg_match('/^[a-zA-Z0-9._-]*[a-zA-Z0-9_-]\z/', $username); return (bool)preg_match('/^[a-zA-Z0-9._-]*[a-zA-Z0-9_-]\z/', $username);
} }
public static function describeValidRealName() {
return pht(
'Real Name must have no more than %d characters.',
new PhutilNumber(self::MAXIMUM_REALNAME_LENGTH));
}
public static function validateRealName($realname) {
return strlen($realname) <= self::MAXIMUM_REALNAME_LENGTH;
}
public static function getDefaultProfileImageURI() { public static function getDefaultProfileImageURI() {
return celerity_get_resource_uri('/rsrc/image/avatar.png'); return celerity_get_resource_uri('/rsrc/image/avatar.png');
} }