From bfa96ad2827ebae0d0288d201c1a730a8d7784e1 Mon Sep 17 00:00:00 2001 From: joey Date: Tue, 25 Apr 2006 05:53:22 +0000 Subject: [PATCH] prevent users from registering with name that is not a valid wikifile avoids XSS attacks and is generally a good limitation --- IkiWiki/CGI.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm index 36d0e6008..067886c70 100644 --- a/IkiWiki/CGI.pm +++ b/IkiWiki/CGI.pm @@ -118,6 +118,7 @@ sub cgi_signin ($$) { #{{{ validate => sub { my $name=shift; length $name && + $name=~/$wiki_file_regexp/ && ! userinfo_get($name, "regdate"); }, ); -- 2.39.5