comparison mod_register_json/mod_register_json.lua @ 429:ea6641deec12

mod_register_json: added check for invalid characters in the username.
author Marco Cirillo <maranda@lightwitch.org>
date Thu, 15 Sep 2011 03:32:23 +0000
parents 16da8cd69715
children f0fafd19fd72
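--- a/mod_register_json/mod_register_json.lua
+++ b/mod_register_json/mod_register_json.lua
@@ -92,13 +92,21 @@
 end
 end
 
 -- We first check if the supplied username for registration is already there.
 if not usermanager.user_exists(req_body["username"], req_body["host"]) then
-usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]);
-module:log("debug", "%s registration data submission for %s is successful", user, req_body["username"]);
-return http_response(200, "Done.");
+-- Sanity checks for the username.
+if req_body["username"]:find(" ") or req_body["username"]:find("@") or req_body["username"]:find("<") or
+req_body["username"]:find(">") or req_body["username"]:find("\"") or req_body["username"]:find("\'") or
+req_body["username"]:find("/") then
+module:log("debug", "%s supplied an username containing invalid characters: %s", user, req_body["username"]);
+return http_response(406, "Supplied username contains invalid characters, see RFC 6122.");
+else
+usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]);
+module:log("debug", "%s registration data submission for %s is successful", user, req_body["username"]);
+return http_response(200, "Done.");
+end
 else
 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["username"]);
 return http_response(409, "User already exists.");
 end
 end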
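Review bot: The character blacklist on new lines 98–100 omits `&` and `:`, which RFC 6122 (the RFC the 406 message on line 102 cites) also forbids in a localpart, so a username containing either still reaches create_user on line 104. A hand-written blacklist also skips the stringprep normalization the rest of Prosody applies to localparts; the stringprep binding in util.encodings provides `nodeprep` for exactly this, so the whole `find` chain could become `local nodeprep = require "util.encodings".stringprep.nodeprep;` at module scope and `if not nodeprep(req_body["username"]) then` here. The normalized string nodeprep returns should then be what user_exists and create_user receive, since the existence check on line 96 currently compares the raw input rather than the canonical form and the check runs after that lookup rather than before it. The enclosing handler starts and ends outside this hunk, so whether an empty or missing username is rejected earlier cannot be seen here; if it is not, the blacklist accepts `""` and `find` on a nil field raises.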