Merge pull request #3715 from thelounge/xpaw/nick-pattern

Disallow some invalid characters in nicknames and usernames
This commit is contained in:
Pavel Djundik 2020-01-22 10:28:51 +02:00 committed by GitHub
commit 5b68fb5054
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 17 deletions

View file

@ -90,6 +90,7 @@
id="connect:nick" id="connect:nick"
class="input nick" class="input nick"
name="nick" name="nick"
pattern="[^\s:!@]+"
:value="defaults.nick" :value="defaults.nick"
maxlength="100" maxlength="100"
required required
@ -104,8 +105,9 @@
ref="usernameInput" ref="usernameInput"
class="input username" class="input username"
name="username" name="username"
pattern="[^\s:!@]+"
:value="defaults.username" :value="defaults.username"
maxlength="512" maxlength="100"
/> />
</div> </div>
</template> </template>
@ -118,7 +120,7 @@
class="input" class="input"
:type="slotProps.isVisible ? 'text' : 'password'" :type="slotProps.isVisible ? 'text' : 'password'"
name="password" name="password"
maxlength="512" maxlength="300"
/> />
</RevealPassword> </RevealPassword>
</div> </div>
@ -129,7 +131,7 @@
class="input" class="input"
name="realname" name="realname"
:value="defaults.realname" :value="defaults.realname"
maxlength="512" maxlength="300"
/> />
</div> </div>
<template v-if="defaults.uuid"> <template v-if="defaults.uuid">

View file

@ -62,26 +62,24 @@ function Network(attr) {
} }
Network.prototype.validate = function(client) { Network.prototype.validate = function(client) {
// If entered nick is over 100 characters, limit it so we don't try to compile a big regex // Remove !, :, @ and whitespace characters from nicknames and usernames
if (this.nick && this.nick.length > 100) { const cleanNick = (str) => str.replace(/[\x00\s:!@]/g, "_").substring(0, 100);
this.nick = this.nick.substring(0, 100);
}
this.setNick(String(this.nick || Helper.getDefaultNick()).replace(/\s/g, "_")); // Remove new lines and limit length
const cleanString = (str) => str.replace(/[\x00\r\n]/g, "").substring(0, 300);
this.setNick(cleanNick(String(this.nick || Helper.getDefaultNick())));
if (!this.username) { if (!this.username) {
// If username is empty, make one from the provided nick
this.username = this.nick.replace(/[^a-zA-Z0-9]/g, ""); this.username = this.nick.replace(/[^a-zA-Z0-9]/g, "");
} else {
// Remove any whitespace from usernames as that is not valid
this.username = this.username.replace(/\s/g, "_").substring(0, 100);
} }
if (!this.realname) { this.username = cleanNick(this.username) || "thelounge";
this.realname = "The Lounge User"; this.realname = cleanString(this.realname) || "The Lounge User";
} else { this.password = cleanString(this.password);
// Remove newlines from realnames this.host = cleanString(this.host);
this.realname = this.realname.replace(/[\r\n]/g, "_").substring(0, 128); this.name = cleanString(this.name);
}
if (!this.port) { if (!this.port) {
this.port = this.tls ? 6697 : 6667; this.port = this.tls ? 6697 : 6667;