Verify username for special characters on signup

2018-12-02 12:43:03 +01:00 · 2018-12-02 12:43:03 +01:00 · 9714bafded
commit 9714bafded
parent 74c398d60c
1 changed files with 10 additions and 1 deletions
--- a/src/routes/user.rs
+++ b/src/routes/user.rs
@ -309,7 +309,8 @@ fn delete(name: String, conn: DbConn, user: User, mut cookies: Cookies) -> Optio
    )
 )]
 struct NewUserForm {
-    #[validate(length(min = "1", message = "Username can't be empty"))]
+    #[validate(length(min = "1", message = "Username can't be empty"),
+        custom( function = "validate_username", message = "User name is not allowed to contain any of < > & @ ' or \""))]
    username: String,
    #[validate(email(message = "Invalid email"))]
    email: String,
@ -337,6 +338,14 @@ fn passwords_match(form: &NewUserForm) -> Result<(), ValidationError> {
    }
 }

+fn validate_username(username: &str) -> Result<(), ValidationError> {
+    if username.contains(&['<', '>', '&', '@', '\'', '"'][..]) {
+        Err(ValidationError::new("username_illegal_char"))
+    } else {
+        Ok(())
+    }
+}
+
 #[post("/users/new", data = "<data>")]
 fn create(conn: DbConn, data: LenientForm<NewUserForm>) -> Result<Redirect, Template> {
    if !Instance::get_local(&*conn)