create.bml was comparing $FORM{'user'}
against @LJ::PROTECTED_USERNAMES
rather than $user
, which has been shoved through LJ::canonical_username
. The affect of this was that people could create lj_whatever by using hyphen instead of an underscore.
My patch fixes this by comparing against the canonicalised version instead.
I also rearranged the checks so that the "you must enter a username" thing can work on the canonicalised version, to reduce such oversights in the future. The canonical vs entered check had to go first because LJ::canonical_username
returns an empty string if the username is invalid.
Simple stuff. I can't leave it running on my goathack because that machine will be in pain during the day tomorrow, I reckon. I'm sure you can see by the patch that it works, anyway... it's not exactly complicated.