mirror of https://github.com/vichan-devel/vichan.git synced 2025-01-19 01:24:05 +01:00

SECURITY: Board Owners could brick accounts by creating account names of matching users with different capitalizations

8chan 2014-12-14 03:26:45 -08:00
parent 8ff796cf80
commit 6ed13f3fb0


@ -22,6 +22,7 @@
$config['mod']['clean_global'] = GLOBALVOLUNTEER;
$config['mod']['view_notes'] = DISABLED;
$config['mod']['create_notes'] = DISABLED;
$config['mod']['edit_config'] = DISABLED;
$config['mod']['debug_recent'] = ADMIN;
$config['mod']['debug_antispam'] = ADMIN;
$config['mod']['noticeboard_post'] = ADMIN;
@ -155,14 +156,16 @@
error(sprintf($config['error']['required'], 'username'));
if ($_POST['password'] == '')
error(sprintf($config['error']['required'], 'password'));
if (!preg_match('/^[a-zA-Z0-9._]{1,30}$/', $_POST['username']))
error(_('Invalid username'));
if ($count > 10) {
error(_('Too many board volunteers!'));
}
foreach ($volunteers as $i => $v) {
if ($_POST['username'] == $v['username']) {
error(_('Refusing to create a volunteer with the same username as an existing one.'));
if (strtolower($_POST['username']) == strtolower($v['username'])) {
error(_('Refusing to create a volunteer with the same username as an existing one.'));
}
}
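Review bot: The added username pattern `/^[a-zA-Z0-9._]{1,30}$/` ends in `$` without the `D` modifier, so PCRE also accepts a value that carries one trailing newline, and that value stays unequal to every existing name after `strtolower()` in the loop below. Anchor the end strictly, for example `if (!preg_match('/\A[a-zA-Z0-9._]{1,30}\z/', $_POST['username']))`, and compare with `===` so that two numeric-looking names are not matched by PHP's loose numeric comparison. The duplicate check walks only `$volunteers`, whose query is outside the lines shown; if that list is limited to this board's volunteers, the case-insensitive comparison presumably misses accounts held elsewhere, so a case-insensitive lookup against the full account table (or a unique index with a case-insensitive collation) would be the durable guard. The surrounding handler starts and ends outside the visible hunk.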