llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-03 20:50:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: unsafe verification username in CheckUsername (#2006)

Browse Source 
* Customization of the initialization file

* Unsafe verification username in CheckUsername
This commit is contained in:
Alex OvsInc
2023-06-21 18:20:23 +03:00
committed by GitHub
parent a3b0f1fc74
commit cadb533595
1 changed files with 0 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
object/check.go
View File

@ -396,11 +396,6 @@ func CheckUsername(username string, lang string) string {
return i18n.Translate(lang, "check:Username is too long (maximum is 39 characters).") return i18n.Translate(lang, "check:Username is too long (maximum is 39 characters).")
} }
exclude, _ := regexp.Compile("^[\u0021-\u007E]+$")
if !exclude.MatchString(username) {
return ""
}
// https://stackoverflow.com/questions/58726546/github-username-convention-using-regex // https://stackoverflow.com/questions/58726546/github-username-convention-using-regex
re, _ := regexp.Compile("^[a-zA-Z0-9]+((?:-[a-zA-Z0-9]+)|(?:_[a-zA-Z0-9]+))*$") re, _ := regexp.Compile("^[a-zA-Z0-9]+((?:-[a-zA-Z0-9]+)|(?:_[a-zA-Z0-9]+))*$")
if !re.MatchString(username) { if !re.MatchString(username) {