invalidate usernames comprised entirely of whitespace

author: Riley L. <riley@e926.de> 2024-11-04 14:14:23 +0100
committer: Riley L. <riley@e926.de> 2024-11-04 14:14:23 +0100
commit: 373242c40a6d70c9adb317760ac73211edff867b (patch)
tree: a0d9f1f8382c90c0b238e4cef0f5c73e90b23711
parent: 2b5aa684f1be95833ac53f01d786b60d1539bad4 (diff)
download: abrechenbarkeit-373242c40a6d70c9adb317760ac73211edff867b.tar
abrechenbarkeit-373242c40a6d70c9adb317760ac73211edff867b.tar.bz2
abrechenbarkeit-373242c40a6d70c9adb317760ac73211edff867b.tar.zst
1 files changed, 2 insertions, 1 deletions
diff --git a/abrechenbarkeit.lua b/abrechenbarkeit.lua
index 165681c..d4eacc3 100755
--- a/abrechenbarkeit.lua
+++ b/abrechenbarkeit.lua
@@ -427,7 +427,8 @@ end
 
 local function r_create_user()
     local username = query.create_user
-    if username:match("^([%w_ -]+)$") == nil then
+	-- gsub to remove whitespace. disallows username made up entirely of whitespace
+    if username:gsub("%s+", ""):match("^([%w_ -]+)$") == nil then
         return respond_error("invalid username " .. username)
     end
     return redirect(string.format("/%s", urlencode(username)))
author	Riley L. <riley@e926.de>	2024-11-04 14:14:23 +0100
committer	Riley L. <riley@e926.de>	2024-11-04 14:14:23 +0100
commit	373242c40a6d70c9adb317760ac73211edff867b (patch)
tree	a0d9f1f8382c90c0b238e4cef0f5c73e90b23711
parent	2b5aa684f1be95833ac53f01d786b60d1539bad4 (diff)
download	abrechenbarkeit-373242c40a6d70c9adb317760ac73211edff867b.tar abrechenbarkeit-373242c40a6d70c9adb317760ac73211edff867b.tar.bz2 abrechenbarkeit-373242c40a6d70c9adb317760ac73211edff867b.tar.zst