Martin Atkins (mart) wrote in lj_dev,
Martin Atkins

FIX: Check canonical username against reserved usernames

create.bml was comparing $FORM{'user'} against @LJ::PROTECTED_USERNAMES rather than $user, which has been shoved through LJ::canonical_username. The affect of this was that people could create lj_whatever by using hyphen instead of an underscore.

My patch fixes this by comparing against the canonicalised version instead.

I also rearranged the checks so that the "you must enter a username" thing can work on the canonicalised version, to reduce such oversights in the future. The canonical vs entered check had to go first because LJ::canonical_username returns an empty string if the username is invalid.

Simple stuff. I can't leave it running on my goathack because that machine will be in pain during the day tomorrow, I reckon. I'm sure you can see by the patch that it works, anyway... it's not exactly complicated.


  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded