From ebdf0ee99e517c6718099fda2f1b2288c42e66da Mon Sep 17 00:00:00 2001
From: friendica
Date: Thu, 22 Mar 2012 01:46:52 -0700
Subject: prevent re-registrations using a deleted username - not an issue with Friendica but could create a serious privacy issue with federated platforms
---
mod/register.php | 10 ++++++++++
mod/regmod.php | 5 +++++
2 files changed, 15 insertions(+)
(limited to 'mod')
diff --git a/mod/register.php b/mod/register.php
index 388b3e250..6d0e2700b 100755
--- a/mod/register.php
+++ b/mod/register.php
@@ -150,6 +150,16 @@ function register_post(&$a) {
 if(count($r))
 $err .= t('Nickname is already registered. Please choose another.') . EOL;
+ // Check deleted accounts that had this nickname. Doesn't matter to us,
+ // but could be a security issue for federated platforms.
+
+ $r = q("SELECT * FROM `userd`
+ WHERE `username` = '%s' LIMIT 1",
+ dbesc($nickname)
+ );
+ if(count($r))
+ $err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
+
 if(strlen($err)) {
 notice( $err );
 return;
diff --git a/mod/regmod.php b/mod/regmod.php
index 17e728ba2..21f41eb01 100755
--- a/mod/regmod.php
+++ b/mod/regmod.php
@@ -64,6 +64,11 @@ function user_allow($hash) {
 }
+
+// This does not have to go through user_remove() and save the nickname
+// permanently against re-registration, as the person was not yet
+// allowed to have friends on this system
+
 function user_deny($hash) {
 $register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
-- cgit v1.2.3
From 40d19d5b8c34cdb2ad6d605e85206bbe57c0be13 Mon Sep 17 00:00:00 2001
From: friendica
Date: Thu, 22 Mar 2012 06:19:27 -0700
Subject: normalise comparison link on delegation page
---
mod/delegate.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'mod')
diff --git a/mod/delegate.php b/mod/delegate.php
index c19df0681..8c5031859 100644
--- a/mod/delegate.php
+++ b/mod/delegate.php
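Review bot: In the mod/register.php hunk, the new `userd` branch emits a message different from the existing "already registered" one, so an unauthenticated visitor can tell that a nickname belonged to an account that has since been deleted — an account-existence leak that sits oddly with a commit motivated by privacy on federated platforms. Reusing the existing text, `$err .= t('Nickname is already registered. Please choose another.') . EOL;`, makes the live and deleted cases indistinguishable to the caller while still blocking the re-registration. The check is also only as strong as the write side: it assumes every real deletion inserts the nickname into `userd.username`, which this hunk cannot show (the regmod.php comment in the same commit says denied pending registrations deliberately do not), so that path should be confirmed in `user_remove()`. Presumably the exact `=` comparison relies on the column collation for case-insensitivity; worth confirming the nickname is normalised the same way before both lookups. register_post begins and ends outside the hunk.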
@@ -86,7 +86,7 @@ function delegate_content(&$a) {
 $r = q("select nurl from contact where substring_index(contact.nurl,'/',3) = '%s' and contact.uid = %d and contact.self = 0 and network = '%s' ",
- dbesc($a->get_baseurl()),
+ dbesc(normalise_link($a->get_baseurl())),
 intval(local_user()),
 dbesc(NETWORK_DFRN)
 );
-- cgit v1.2.3
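Review bot: The left side of the comparison, `substring_index(contact.nurl,'/',3)`, truncates each contact's nurl to its first three '/'-separated parts (scheme and host), while the right side is now the full normalised base URL, so on an installation served from a sub-directory the two can never be equal and the delegation candidate list stays empty; the removed line had the same shape, but normalising only one side does not close that gap. A prefix match against the normalised base URL, e.g. `where contact.nurl like '%s/%%'` with the same `dbesc(normalise_link($a->get_baseurl()))` argument, compares like with like, with the caveat that `dbesc()` does not escape the LIKE metacharacters `%` and `_`, which a base URL should not contain but ought to be asserted. Whether `normalise_link()` keeps the path component is not visible here — TODO confirm before relying on it. delegate_content begins and ends outside the hunk.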