From bfa96ad2827ebae0d0288d201c1a730a8d7784e1 Mon Sep 17 00:00:00 2001
From: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Date: Tue, 25 Apr 2006 05:53:22 +0000
Subject: [PATCH] prevent users from registering with name that is not a valid
 wikifile

avoids XSS attacks and is generally a good limitation
---
 IkiWiki/CGI.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 36d0e6008..067886c70 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -118,6 +118,7 @@ sub cgi_signin ($$) { #{{{
 				validate => sub {
 					my $name=shift;
 					length $name &&
+					$name=~/$wiki_file_regexp/ &&
 					! userinfo_get($name, "regdate");
 				},
 			);
-- 
2.39.2