diff options
author | zottel <github@zottel.net> | 2012-03-22 16:03:14 +0100 |
---|---|---|
committer | zottel <github@zottel.net> | 2012-03-22 16:03:14 +0100 |
commit | e7d80a79fff23e6f8900b40677d11d1022a45df6 (patch) | |
tree | 29355722fb8a3e993884e852a254277c80e90de4 /mod | |
parent | 3f3c4aec79bf3ceedd551bae7cec7acfd68e3772 (diff) | |
parent | 622b25df5f2d1ab21c9e23047bc0c98bfe72bad0 (diff) | |
download | volse-hubzilla-e7d80a79fff23e6f8900b40677d11d1022a45df6.tar.gz volse-hubzilla-e7d80a79fff23e6f8900b40677d11d1022a45df6.tar.bz2 volse-hubzilla-e7d80a79fff23e6f8900b40677d11d1022a45df6.zip |
Merge remote branch 'upstream/master'
Diffstat (limited to 'mod')
-rw-r--r-- | mod/delegate.php | 2 | ||||
-rwxr-xr-x | mod/register.php | 10 | ||||
-rwxr-xr-x | mod/regmod.php | 5 |
3 files changed, 16 insertions, 1 deletions
diff --git a/mod/delegate.php b/mod/delegate.php index c19df0681..8c5031859 100644 --- a/mod/delegate.php +++ b/mod/delegate.php @@ -86,7 +86,7 @@ function delegate_content(&$a) { $r = q("select nurl from contact where substring_index(contact.nurl,'/',3) = '%s' and contact.uid = %d and contact.self = 0 and network = '%s' ", - dbesc($a->get_baseurl()), + dbesc(normalise_link($a->get_baseurl())), intval(local_user()), dbesc(NETWORK_DFRN) ); diff --git a/mod/register.php b/mod/register.php index 388b3e250..6d0e2700b 100755 --- a/mod/register.php +++ b/mod/register.php @@ -150,6 +150,16 @@ function register_post(&$a) { if(count($r)) $err .= t('Nickname is already registered. Please choose another.') . EOL; + // Check deleted accounts that had this nickname. Doesn't matter to us, + // but could be a security issue for federated platforms. + + $r = q("SELECT * FROM `userd` + WHERE `username` = '%s' LIMIT 1", + dbesc($nickname) + ); + if(count($r)) + $err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL; + if(strlen($err)) { notice( $err ); return; diff --git a/mod/regmod.php b/mod/regmod.php index 17e728ba2..21f41eb01 100755 --- a/mod/regmod.php +++ b/mod/regmod.php @@ -64,6 +64,11 @@ function user_allow($hash) { } + +// This does not have to go through user_remove() and save the nickname +// permanently against re-registration, as the person was not yet +// allowed to have friends on this system + function user_deny($hash) { $register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1", |