Verify username for special characters on signup
parent
74c398d60c
commit
9714bafded
@ -309,7 +309,8 @@ fn delete(name: String, conn: DbConn, user: User, mut cookies: Cookies) -> Optio
|
|||||||
)
|
)
|
||||||
)]
|
)]
|
||||||
struct NewUserForm {
|
struct NewUserForm {
|
||||||
#[validate(length(min = "1", message = "Username can't be empty"))]
|
#[validate(length(min = "1", message = "Username can't be empty"),
|
||||||
|
custom( function = "validate_username", message = "User name is not allowed to contain any of < > & @ ' or \""))]
|
||||||
username: String,
|
username: String,
|
||||||
#[validate(email(message = "Invalid email"))]
|
#[validate(email(message = "Invalid email"))]
|
||||||
email: String,
|
email: String,
|
||||||
@ -337,6 +338,14 @@ fn passwords_match(form: &NewUserForm) -> Result<(), ValidationError> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn validate_username(username: &str) -> Result<(), ValidationError> {
|
||||||
|
if username.contains(&['<', '>', '&', '@', '\'', '"'][..]) {
|
||||||
|
Err(ValidationError::new("username_illegal_char"))
|
||||||
|
} else {
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[post("/users/new", data = "<data>")]
|
#[post("/users/new", data = "<data>")]
|
||||||
fn create(conn: DbConn, data: LenientForm<NewUserForm>) -> Result<Redirect, Template> {
|
fn create(conn: DbConn, data: LenientForm<NewUserForm>) -> Result<Redirect, Template> {
|
||||||
if !Instance::get_local(&*conn)
|
if !Instance::get_local(&*conn)
|
||||||
|