rmalley
/
smr
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Throw an error message if the user enters a bad username 

For some reason kore isn't checking parameters anymore, so check
them lua-side.
This commit is contained in:
Robin Malley 2020-10-13 18:10:55 +00:00
parent 709a5c9bad
commit 3742a9d5c4
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/lua/init.lua
View File

@ -513,6 +513,16 @@ function claim(req)
--Actually claim a name
http_request_populate_post(req)
local name = assert(http_argument_get_string(req,"user"))
--What in the world, Kore should be rejecting names that
--are not lower case & no symbols, but some still get through somehow.
if not name:match("^[a-z0-9]{1,30}$") then
print("Bad username:",name)
text = pages.claim{
err = "Usernames must match ^[a-z0-9]{1,30}$"
}
http_response(req,200,text)
return
end
local rngf = assert(io.open("/dev/urandom","rb"))
local passlength = string.byte(rngf:read(1)) + 64
local salt = rngf:read(64)