diff options
| -rwxr-xr-x | abrechenbarkeit.lua | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/abrechenbarkeit.lua b/abrechenbarkeit.lua index 165681c..d4eacc3 100755 --- a/abrechenbarkeit.lua +++ b/abrechenbarkeit.lua @@ -427,7 +427,8 @@ end local function r_create_user() local username = query.create_user - if username:match("^([%w_ -]+)$") == nil then + -- gsub to remove whitespace. disallows username made up entirely of whitespace + if username:gsub("%s+", ""):match("^([%w_ -]+)$") == nil then return respond_error("invalid username " .. username) end return redirect(string.format("/%s", urlencode(username))) |