diff options
author | Joey Hess <joeyh@joeyh.name> | 2015-05-14 10:57:56 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2015-05-14 10:57:56 -0400 |
commit | 85a529db3dfb275c86984a5231627b35ddf307e0 (patch) | |
tree | d481ee6697771d1ec93703377dfae4ee60c90451 /IkiWiki/Plugin | |
parent | 804144402bd6b3b52b3e38aff7cc0812ac1ba0c8 (diff) | |
download | ikiwiki-85a529db3dfb275c86984a5231627b35ddf307e0.tar ikiwiki-85a529db3dfb275c86984a5231627b35ddf307e0.tar.gz |
passwordauth: Don't allow registering accounts that look like openids.
Also prohibit @ in account names, in case the file regexp was relaxed to
allow it.
Diffstat (limited to 'IkiWiki/Plugin')
-rw-r--r-- | IkiWiki/Plugin/passwordauth.pm | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/IkiWiki/Plugin/passwordauth.pm b/IkiWiki/Plugin/passwordauth.pm index 7c01bb3ff..3bdd9de2e 100644 --- a/IkiWiki/Plugin/passwordauth.pm +++ b/IkiWiki/Plugin/passwordauth.pm @@ -251,6 +251,12 @@ sub formbuilder_setup (@) { my $name=shift; length $name && $name=~/$config{wiki_file_regexp}/ && + # don't allow registering + # accounts that look like + # openids, or email + # addresses, even if the + # file regexp allows it + $name!~/[\/:\@]/ && ! IkiWiki::userinfo_get($name, "regdate"); }, ); |