diff --git a/actions/userstable.php b/actions/userstable.php
index 886620360..46ef01737 100644
--- a/actions/userstable.php
+++ b/actions/userstable.php
@@ -103,7 +103,7 @@
if ($isAdmin && !$userIsTheOneConnected) { // admin and not the current user, then can be deleted
echo '
';
echo ' | ';
diff --git a/includes/User.class.php b/includes/User.class.php
index d64d696c8..df2b87ad2 100644
--- a/includes/User.class.php
+++ b/includes/User.class.php
@@ -1,6 +1,7 @@
wiki = $wiki;
$this->initUsersTable();
$this->initLimitations();
+ $this->dbService = $this->wiki->services->get(DbService::class);
$this->securityController = $this->wiki->services->get(SecurityController::class);
}
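Review bot: The assignment `$this->dbService = ...` needs a matching property declaration and a `use` import for `DbService`, neither of which is visible in this hunk; the later hunk header's shift from 237 to 240 suggests two more lines were added elsewhere in the file, so this may already be handled — please confirm. Without a declared property, PHP 8.2+ reports a deprecated dynamic-property creation here. A typed declaration such as `protected DbService $dbService;` near the existing `$securityController` property would settle it. The constructor this line belongs to starts outside the hunk.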
@@ -237,6 +240,8 @@ protected function checkName($newName)
$this->error = _t('USER_YOU_MUST_SPECIFY_A_NAME').'.';
} elseif (strlen($newName) > $this->nameMaxLength) {
$this->error = _t('USER_NAME_S_MAXIMUM_LENGTH_IS').' '.$this->nameMaxLength.'.';
+ } elseif (preg_match('/[!#@<>\\\\\/][^<>\\\\\/]{2,}/',$newName)) {
+ $this->error = _t('USER_THIS_IS_NOT_A_VALID_NAME').'.';
} else {
$result = true;
}
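Review bot: The new `preg_match` check does not reject every name containing a forbidden character: inside the single-quoted literal `\\\\` is `\\` and `\/` is kept as-is, so the pattern is `[!#@<>\\/][^<>\\/]{2,}`, which only matches when the forbidden character is followed by at least two further characters that are not `<`, `>`, `\` or `/`. Names such as `ab<`, `<a` or `a!` pass the check unchanged. If the intent is "no forbidden character anywhere", the quantified tail should go: `} elseif (preg_match('/[!#@<>\\\\\/]/', $newName)) {`. The `checkName` body starts and ends outside this hunk, and I only see the French string for `USER_THIS_IS_NOT_A_VALID_NAME` in this diff; if the other language files are not updated elsewhere, the untranslated key will surface in the error message.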
@@ -404,7 +409,7 @@ public function passwordIsCorrect($pwd, $confPassword = '')
{
$correct = true;
if (isset($confPassword) && (trim($confPassword) !='')) {
- if ($confPassword != $pwd) {
+ if ($confPassword !== $pwd) {
$this->error = _t('USER_PASSWORDS_NOT_IDENTICAL').'.';
$correct = false;
}
@@ -542,7 +547,7 @@ public function updatePassword($password, $confPassword='')
// Update user's password
$sql = 'UPDATE '.$this->usersTable;
$sql .= ' SET password = "'.MD5($password).'" ';
- $sql .= 'WHERE name = "'.$this->properties['name'].'" LIMIT 1;';
+ $sql .= 'WHERE name = "'.$this->dbService->escape($this->properties['name']).'" LIMIT 1;';
$OK = $this->wiki->query($sql); // true or false depending on the query execution
if ($OK) {
$this->properties['password'] = md5($password);
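Review bot: The name is now escaped, but the value written on the line above is still an unsalted `MD5($password)` hash (and mirrored into `$this->properties['password']` below), which is fast to brute-force offline and has been deprecated for password storage for years. `password_hash($password, PASSWORD_DEFAULT)` with `password_verify()` at login is the current baseline; switching the stored format also requires the login comparison (outside this hunk) to be migrated, for example by rehashing on successful login with `password_needs_rehash()`. Separately, since both values are still spliced into a string-built statement, a parameterised query through the new `DbService` — if it exposes one, which is not visible here — would remove the need for `escape()` altogether. The `updatePassword` body continues outside the hunk.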
@@ -913,9 +918,9 @@ public function delete()
if ($OK) {
// Delete user in every group
$triplesTable = $this->wiki->config['table_prefix'].'triples';
- $searched_value = '%' . $this->properties['name'] . '%';
- $seek_value_bf = '' . $this->properties['name'] . '\n'; // username to delete can be followed by another username
- $seek_value_af = '\n' . $this->properties['name']; // username to delete can follow another username
+ $searched_value = '%' . $this->dbService->escape($this->properties['name']) . '%';
+ $seek_value_bf = '' . $this->dbService->escape($this->properties['name']) . '\n'; // username to delete can be followed by another username
+ $seek_value_af = '\n' . $this->dbService->escape($this->properties['name']); // username to delete can follow another username
// get rid of this username everytime it's followed by another
$sql = 'UPDATE '.$triplesTable.'';
$sql .= ' SET value = REPLACE(value, "'.$seek_value_bf.'", "")';
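Review bot: `$searched_value` is built with leading and trailing `%`, which suggests it feeds a `LIKE` clause further down (outside this hunk); `dbService->escape()` presumably handles quotes and backslashes, but it cannot know about `LIKE` metacharacters, so a username containing `%` or `_` still acts as a wildcard and the update can touch other users' rows. The same applies to the `value LIKE "%name%"` pattern in the `listGroupMemberships` hunk below, where in addition any username that is a substring of another (e.g. `ann` in `joanna`) reports memberships that are not its own. For the wildcard part, escape the metacharacters after the SQL escaping, e.g. `$name = addcslashes($this->dbService->escape($this->properties['name']), '%_');` and reuse `$name` in the three assignments; the substring match would need an exact-entry comparison, which is beyond this hunk. The `delete()` body starts and ends outside the hunk.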
@@ -940,7 +945,7 @@ public function delete()
$sql = 'UPDATE `'.$pagesTable.'`';
// $sql .= ' SET `owner` = NULL';
$sql .= ' SET `owner` = "" ';
- $sql .= ' WHERE `owner` = "'.$this->properties['name'].'";';
+ $sql .= ' WHERE `owner` = "'.$this->dbService->escape($this->properties['name']).'";';
$OK = $this->wiki->query($sql);
if (!$OK) {
$this->error = _t('USER_DELETE_QUERY_FAILED').'.';
@@ -949,7 +954,7 @@ public function delete()
// Delete the user row from the user table
if ($OK) {
$sql = 'DELETE FROM `'.$this->usersTable.'`';
- $sql .= ' WHERE `name` = "'.$this->properties['name'].'";';
+ $sql .= ' WHERE `name` = "'.$this->dbService->escape($this->properties['name']).'";';
$OK = $this->wiki->query($sql);
if (!$OK) {
$this->error = _t('USER_DELETE_QUERY_FAILED').'.';
@@ -1024,7 +1029,7 @@ public function listGroupMemberships()
$sql = 'SELECT resource FROM '.$triplesTable;
$sql .= ' WHERE resource LIKE "'.GROUP_PREFIX.'%"';
$sql .= ' AND property LIKE "'.WIKINI_VOC_ACLS_URI.'"';
- $sql .= ' AND value LIKE "%'.$this->properties['name'].'%";';
+ $sql .= ' AND value LIKE "%'.$this->dbService->escape($this->properties['name']).'%";';
/* Execute query */
$results = array();
if ($groups = $this->wiki->loadAll($sql)) {
diff --git a/lang/yeswiki_fr.php b/lang/yeswiki_fr.php
index 4e6241e09..50901f327 100755
--- a/lang/yeswiki_fr.php
+++ b/lang/yeswiki_fr.php
@@ -365,6 +365,7 @@
'USER_PASSWORDS_NOT_IDENTICAL' => 'Les deux mots de passe saisis doivent être identiques',
'USER_PASSWORD_TOO_SHORT' => 'Mot de passe trop court',
'USER_THIS_EMAIL_IS_ALLREADY_USED_ON_THIS_WIKI' => 'L\'email saisi est déjà utilisé sur ce wiki',
+'USER_THIS_IS_NOT_A_VALID_NAME' => 'Ceci n\'est pas un nom d\'utilisateur valide',
'USER_THIS_IS_NOT_A_VALID_EMAIL' => 'Ceci n\'est pas un email valide',
'USER_UPDATE_QUERY_FAILED' => 'La requête de mise à jour de l\'utilisateur dans la base de données a échoué',
'USER_YOU_MUST_SPECIFY_A_NAME' => 'Veuillez saisir un nom pour l\'utilisateur',
diff --git a/tools/login/actions/usersettings.php b/tools/login/actions/usersettings.php
index 0b6de0e8a..82dc7318b 100644
--- a/tools/login/actions/usersettings.php
+++ b/tools/login/actions/usersettings.php
@@ -184,6 +184,10 @@
echo $this->FormClose();
} // End of the one who runs the session is acting
} else { // Neither logged in user nor admin trying to do something
+ // sanitize $_POST['name']
+ if (isset($_POST['name'])){
+ $_POST['name'] = htmlspecialchars($_POST['name']);
+ }
if ($action == 'signup') { // user is trying to register
if (!$this->user->passwordIsCorrect($_POST['password'], $_POST['confpassword'])) {
$error = $this->user->error;
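Review bot: Applying `htmlspecialchars()` to `$_POST['name']` before signup stores an output-encoded value rather than rejecting a bad one: a name containing `&` is saved as `&amp;`, and a `'` becomes `&#039;` under the PHP 8.1+ default flags, so the stored name no longer equals what the user typed and, unless the login path applies the same transformation (not visible here), later logins with the raw name may not match. The `checkName` change in this commit already rejects `<`, `>` and similar characters, so the right split is to validate (reject) at input there and escape at output where the name is rendered, and drop this block; if some in-place normalisation is still wanted, do it on a local copy rather than by mutating `$_POST`. Minor style point: `if (isset($_POST['name'])){` wants a space before the brace to match the surrounding code. The enclosing `else` branch continues outside the hunk.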