diff --git a/Rocksolid_Light/common/register.php b/Rocksolid_Light/common/register.php
index 3ce54e8..7af7e51 100644
--- a/Rocksolid_Light/common/register.php
+++ b/Rocksolid_Light/common/register.php
@@ -9,6 +9,9 @@ $keys = unserialize(file_get_contents($keyfile));
$email_registry = $spooldir.'/email_registry.dat';
unlink($_POST['captchaimage']);
+$username_allowed_chars = "a-zA-Z0-9_.";
+$clean_username = preg_replace("/[^$username_allowed_chars]/", "", $_POST['username']);
+
if((password_verify($keys[0],$_POST['key'])) || (password_verify($keys[1],$_POST['key']))) {
$auth_ok = true;
} else {
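Review bot: The character class in `$username_allowed_chars` has no hyphen, yet the error text added in the second hunk lists hyphen as allowed, so a name containing `-` is rejected with a message that says the character is permitted; either append `-` to the end of the class or drop it from the message. `$_POST['username']` is also read here, well before the existing `empty()` check near line 172 and without a type check, so a missing field raises a notice and an array-valued field makes `preg_replace` return an array; a guard such as `$raw_username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';` before filtering would cover both. The later comparison uses loose `!=`, which compares numeric-looking strings by value rather than byte for byte, so `!==` or a single anchored `preg_match('/\A[a-zA-Z0-9_.]+\z/', $raw_username)` is the safer test. Separately, the unchanged `unlink($_POST['captchaimage'])` in this hunk's context deletes a request-supplied path and should be limited to a `basename()` inside the captcha directory in a follow-up change.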
@@ -172,6 +175,16 @@ if (empty($_POST['username'])) {
exit(2);
}
+if($clean_username != $_POST['username']) {
+ echo "The username entered contains disallowed characters.
";
+ echo "Allowed characters:
letters, numbers, underscore, hypen, full stop
";
+ echo '