From 373242c40a6d70c9adb317760ac73211edff867b Mon Sep 17 00:00:00 2001
From: "Riley L." <riley@e926.de>
Date: Mon, 4 Nov 2024 14:14:23 +0100
Subject: invalidate usernames comprised entirely of whitespace

---
 abrechenbarkeit.lua | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/abrechenbarkeit.lua b/abrechenbarkeit.lua
index 165681c..d4eacc3 100755
--- a/abrechenbarkeit.lua
+++ b/abrechenbarkeit.lua
@@ -427,7 +427,8 @@ end
 
 local function r_create_user()
     local username = query.create_user
-    if username:match("^([%w_ -]+)$") == nil then
+	-- gsub to remove whitespace. disallows username made up entirely of whitespace
+    if username:gsub("%s+", ""):match("^([%w_ -]+)$") == nil then
         return respond_error("invalid username " .. username)
     end
     return redirect(string.format("/%s", urlencode(username)))
-- 
cgit v1.3.1