
Centralized username validation in validateUsername, still a small inconsistency changing names from the profile (removed bribes...)

Signed-off-by: emanuele <[email protected]>
emanuele 12 년 전
부모
커밋
3318ddf457
3개의 변경된 파일34개의 추가작업 그리고 46개의 파일을 삭제
  1. 4 16
      Sources/Register.php
  2. 27 9
      Sources/Subs-Auth.php
  3. 3 21
      Sources/Subs-Members.php

+ 4 - 16
Sources/Register.php

@@ -836,28 +836,16 @@ function RegisterCheckUsername()
 	// This is XML!
 	loadTemplate('Xml');
 	$context['sub_template'] = 'check_username';
-	$context['checked_username'] = isset($_GET['username']) ? $_GET['username'] : '';
+	$context['checked_username'] = isset($_GET['username']) ? un_htmlspecialchars($_GET['username']) : '';
 	$context['valid_username'] = true;
 
 	// Clean it up like mother would.
 	$context['checked_username'] = preg_replace('~[\t\n\r\x0B\0' . ($context['utf8'] ? '\x{A0}' : '\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $context['checked_username']);
-	if ($smcFunc['strlen']($context['checked_username']) > 25)
-		$context['checked_username'] = $smcFunc['htmltrim']($smcFunc['substr']($context['checked_username'], 0, 25));
 
-	// Only these characters are permitted.
-	if (preg_match('~[<>&"\'=\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $context['checked_username'])) != 0 || $context['checked_username'] == '_' || $context['checked_username'] == '|' || strpos($context['checked_username'], '[code') !== false || strpos($context['checked_username'], '[/code') !== false)
-		$context['valid_username'] = false;
+	require_once($sourcedir . '/Subs-Auth.php');
+	$errors = validateUsername(0, $context['checked_username'], true);
 
-	if (stristr($context['checked_username'], $txt['guest_title']) !== false)
-		$context['valid_username'] = false;
-
-	if (trim($context['checked_username']) == '')
-		$context['valid_username'] = false;
-	else
-	{
-		require_once($sourcedir . '/Subs-Members.php');
-		$context['valid_username'] &= isReservedName($context['checked_username'], 0, false, false) ? 0 : 1;
-	}
+	$context['valid_username'] = empty($errors);
 }
 
 ?>
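Review bot: After `un_htmlspecialchars()` on the new `$context['checked_username']` line, the context value holds decoded `<`, `>`, `&` and quotes, and nothing in this hunk re-encodes it before the `check_username` XML sub-template renders it. That template is not visible here, so confirm it escapes the value; if it echoes it as-is, re-encode after validation, e.g. `$context['checked_username'] = $smcFunc['htmlspecialchars']($context['checked_username']);`. The removed 25-character truncation also means the full request value is now carried into the response, so a length cap before output may still be wanted even though `validateUsername()` reports `error_long_name`. `RegisterCheckUsername()` begins above the hunk, so its `global` list should be checked for `$smcFunc` and `$sourcedir`.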

+ 27 - 9
Sources/Subs-Auth.php

@@ -604,26 +604,44 @@ function resetPassword($memID, $username = null)
  * @param string $username
  * @return string Returns null if fine
  */
-function validateUsername($memID, $username)
+function validateUsername($memID, $username, $return_error = false, $check_reserved_name = true)
 {
-	global $sourcedir, $txt;
+	global $sourcedir, $txt, $smcFunc, $user_info;
+
+	$errors = array();
+
+	// Don't use too long a name.
+	if ($smcFunc['strlen']($username) > 25)
+		$errors[] = array('lang', 'error_long_name');
 
 	// No name?!  How can you register with no name?
 	if ($username == '')
-		fatal_lang_error('need_username', false);
+		$errors[] = array('lang', 'need_username');
 
 	// Only these characters are permitted.
 	if (in_array($username, array('_', '|')) || preg_match('~[<>&"\'=\\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $username)) != 0 || strpos($username, '[code') !== false || strpos($username, '[/code') !== false)
-		fatal_lang_error('error_invalid_characters_username', false);
+		$errors[] = array('lang', 'error_invalid_characters_username');
 
 	if (stristr($username, $txt['guest_title']) !== false)
-		fatal_lang_error('username_reserved', true, array($txt['guest_title']));
+		$errors[] = array('lang', 'username_reserved', 'general', array($txt['guest_title']));
+
+	if ($check_reserved_name)
+	{
+		require_once($sourcedir . '/Subs-Members.php');
+		if (isReservedName($username, $memID, false))
+			$errors[] = array('done', '(' . htmlspecialchars($username) . ') ' . $txt['name_in_use']);
+	}
+
+	if ($return_error)
+		return $errors;
+	elseif (empty($errors))
+		return null;
 
-	require_once($sourcedir . '/Subs-Members.php');
-	if (isReservedName($username, $memID, false))
-		fatal_error('(' . htmlspecialchars($username) . ') ' . $txt['name_in_use'], false);
+	loadLanguage('Errors');
+	$error = $errors[0];
 
-	return null;
+	$message = $error[0] == 'lang' ? (empty($error[3]) ? $txt[$error[1]] : vsprintf($txt[$error[1]], $error[3])) : $error[1];
+	fatal_error($message, empty($error[2]) || $user_info['is_admin'] ? false : $error[2]);
 }
 
 /**
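Review bot: With `$return_error` set, `validateUsername()` is expected never to abort, but the call `isReservedName($username, $memID, false)` passes only three arguments, whereas the code removed from Register.php called it as `isReservedName(..., 0, false, false)`. If that fourth parameter is a fatal flag that defaults to true (the signature is in Subs-Members.php, outside this page), a reserved name would still end the request with a fatal error instead of being appended to `$errors`. That would affect both `RegisterCheckUsername()` and `registerMember()`; passing it explicitly, `isReservedName($username, $memID, false, !$return_error)`, keeps the two modes consistent. The docblock above the function also needs `@param bool $return_error` and `@param bool $check_reserved_name`, and its `@return` should say that an array of errors is returned when `$return_error` is true.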

+ 3 - 21
Sources/Subs-Members.php

@@ -469,34 +469,16 @@ function registerMember(&$regOptions, $return_errors = false)
 			$regOptions['auth_method'] = 'password';
 	}
 
-	// No name?!  How can you register with no name?
-	if (empty($regOptions['username']))
-		$reg_errors[] = array('lang', 'need_username');
-
 	// Spaces and other odd characters are evil...
 	$regOptions['username'] = preg_replace('~[\t\n\r\x0B\0' . ($context['utf8'] ? '\x{A0}' : '\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $regOptions['username']);
 
-	// Don't use too long a name.
-	if ($smcFunc['strlen']($regOptions['username']) > 25)
-		$reg_errors[] = array('lang', 'error_long_name');
-
-	// Only these characters are permitted.
-	if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $regOptions['username'])) != 0 || $regOptions['username'] == '_' || $regOptions['username'] == '|' || strpos($regOptions['username'], '[code') !== false || strpos($regOptions['username'], '[/code') !== false)
-		$reg_errors[] = array('lang', 'error_invalid_characters_username');
-
-	if ($smcFunc['strtolower']($regOptions['username']) === $smcFunc['strtolower']($txt['guest_title']))
-		$reg_errors[] = array('lang', 'username_reserved', 'general', array($txt['guest_title']));
-
 	// @todo Separate the sprintf?
 	if (empty($regOptions['email']) || preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $regOptions['email']) === 0 || strlen($regOptions['email']) > 255)
 		$reg_errors[] = array('done', sprintf($txt['valid_email_needed'], $smcFunc['htmlspecialchars']($regOptions['username'])));
 
-	if (!empty($regOptions['check_reserved_name']) && isReservedName($regOptions['username'], 0, false))
-	{
-		if ($regOptions['password'] == 'chocolate cake')
-			$reg_errors[] = array('done', 'Sorry, I don\'t take bribes... you\'ll need to come up with a different name.');
-		$reg_errors[] = array('done', '(' . htmlspecialchars($regOptions['username']) . ') ' . $txt['name_in_use']);
-	}
+	$username_validation_errors = validateUsername(0, $regOptions['username'], true, !empty($regOptions['check_reserved_name']));
+	if (!empty($username_validation_errors))
+		$reg_errors = array_merge($reg_errors, $username_validation_errors);
 
 	// Generate a validation code if it's supposed to be emailed.
 	$validation_code = '';