2.11.8: Updated regex for username in forms

webpwnized · Dec 17, 2023 · ea1737e · ea1737e
1 parent 5b6703d
commit ea1737e
Show file tree

Hide file tree

Showing 7 changed files with 8 additions and 8 deletions.
diff --git a/edit-account-profile.php b/edit-account-profile.php
@@ -180,7 +180,7 @@
 	function onSubmitOfForm(/*HTMLFormElement*/ theForm){
 		try{
 			if(lValidateInput == "TRUE"){
-				var lUnsafeCharacters = /[`~!@#$%^&*()-_=+\[\]{}\\|;':",./<>?]/;
+				var lUnsafeCharacters = /[\W]/g;
 				if (theForm.username.value.length > 15){
 						alert('Username too long. We dont want to allow too many characters.\n\nSomeone might have enough room to enter a hack attempt.');
 						return false;

diff --git a/html5-storage.php b/html5-storage.php
@@ -96,7 +96,7 @@ interface Storage {
 			var lKey = theForm.DOMStorageKey.value;
 			var lItem = theForm.DOMStorageItem.value;
 			var lType = "";
-			var lUnacceptableKeyPattern = "[^A-Za-z0-9]";
+			var lUnacceptableKeyPattern = "[\W]";
 
 			if (gUseJavaScriptValidation == "TRUE" && lKey.match(lUnacceptableKeyPattern)){
 				setMessage("Unable to add key " + lKey.toString() + " because it contains non-alphanumeric characters");

diff --git a/includes/constants.php b/includes/constants.php
@@ -2,7 +2,7 @@
 	/* ------------------------------------------
 	 * @VERSION
 	 * ------------------------------------------*/
-	$C_VERSION = "2.11.7";
+	$C_VERSION = "2.11.8";
 	$C_VERSION_STRING = "Version: " . $C_VERSION;
 	$C_MAX_HINT_LEVEL = 1;
 

diff --git a/login.php b/login.php
@@ -46,7 +46,7 @@
 	function onSubmitOfLoginForm(/*HTMLFormElement*/ theForm){
 		try{
 			if(lValidateInput == "TRUE"){
-				var lUnsafeCharacters = /[`~!@#$%^&*()-_=+\[\]{}\\|;':",./<>?]/;
+				var lUnsafeCharacters = /[\W]/g;
 				if (theForm.username.value.length > 15){
 						alert('Username too long. We dont want to allow too many characters.\n\nSomeone might have enough room to enter a hack attempt.');
 						return false;

diff --git a/register.php b/register.php
@@ -113,7 +113,7 @@
 	function onSubmitOfForm(/*HTMLFormElement*/ theForm){
 		try{
 			if(lValidateInput == "TRUE"){
-				var lUnsafeCharacters = /[`~!@#$%^&*()-_=+\[\]{}\\|;':",./<>?]/;
+				var lUnsafeCharacters = /[\W]/g;
 				if (theForm.username.value.length > 15 || 
 					theForm.password.value.length > 15){
 						alert('Username too long. We dont want to allow too many characters.\n\nSomeone might have enough room to enter a hack attempt.');

diff --git a/user-info-xpath.php b/user-info-xpath.php
@@ -76,7 +76,7 @@
 
 	function onSubmitOfForm(/*HTMLFormElement*/ theForm){
 		try{
-			var lUnsafeCharacters = /[`~!@#$%^&*()-_=+\[\]{}\\|;':",./<>?]/;
+			var lUnsafeCharacters = /[\W]/g;
 
 			if(lValidateInput == "TRUE"){
 				if (theForm.username.value.length > 15){

diff --git a/user-info.php b/user-info.php
@@ -62,14 +62,14 @@
 
 	function onSubmitOfForm(/*HTMLFormElement*/ theForm){
 		try{
-			var lUnsafeCharacters = /[`~!@#$%^&*()-_=+\[\]{}\\|;':",./<>?]/;
+			var lUnsafeCharacters = /[\W]/g;
 
 			if(lValidateInput == "TRUE"){
 				if (theForm.username.value.length > 15){
 						alert('Username too long. We dont want to allow too many characters.\n\nSomeone might have enough room to enter a hack attempt.');
 						return false;
 				}// end if
-				
+
 				if (theForm.username.value.search(lUnsafeCharacters) > -1){
 						alert('Dangerous characters detected. We can\'t allow these. This all powerful blacklist will stop such attempts.\n\nMuch like padlocks, filtering cannot be defeated.\n\nBlacklisting is l33t like l33tspeak.');
 						return false;