fix security flaw in usernames

byte[] 2021-11-01 15:32:01 +01:00 committed by Luna D
parent cbe5a0dfa7
commit 2f4383eef7
No known key found for this signature in database
GPG key ID: 81AF416F2CC36FC8


@ -155,6 +155,7 @@ defmodule Philomena.Users.User do
defp validate_name(changeset) do defp validate_name(changeset) do
changeset changeset
|> update_change(:name, &String.trim/1)
|> validate_required([:name]) |> validate_required([:name])
|> validate_length(:name, max: 50) |> validate_length(:name, max: 50)
end end
@ -283,6 +284,7 @@ defmodule Philomena.Users.User do
]) ])
|> validate_required([:name, :email, :role]) |> validate_required([:name, :email, :role])
|> validate_inclusion(:role, ["user", "assistant", "moderator", "admin"]) |> validate_inclusion(:role, ["user", "assistant", "moderator", "admin"])
|> validate_name()
|> put_assoc(:roles, roles) |> put_assoc(:roles, roles)
|> put_slug() |> put_slug()
|> unique_constraints() |> unique_constraints()
@ -379,8 +381,8 @@ defmodule Philomena.Users.User do
user user
|> cast(attrs, [:name]) |> cast(attrs, [:name])
|> validate_required([:name]) |> validate_name()
|> put_slug |> put_slug()
|> unique_constraints() |> unique_constraints()
|> put_change(:last_renamed_at, now) |> put_change(:last_renamed_at, now)
end end
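Review bot: In the rename changeset (third hunk), `validate_name()` now runs directly after `cast`, and its first step `update_change(:name, &String.trim/1)` executes before any required check, so a change whose value is `nil` would reach `String.trim/1` and raise instead of producing a validation error. Ecto's `update_change/3` invokes the function whenever the key is present in the changes, and `cast` can record a `nil` change when a blank name is submitted for a user who already has one. Moving `|> validate_required([:name])` above the `update_change` line inside `validate_name/1` should avoid this, since a missing name is then flagged before trimming. Separately, `String.trim/1` only removes leading and trailing whitespace; whether interior or invisible characters can still produce look-alike names depends on `put_slug` and `unique_constraints`, which are not visible here. The rename function's head lies outside the hunk.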