xinyin025/TravianZ
1
0
Fork 0
mirror of https://github.com/Shadowss/TravianZ.git synced 2026-06-28 00:24:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(admin): route password/protection pages and align username validation (#257)

Browse Source
This commit is contained in:
Ferywir
2026-06-23 05:55:13 +02:00
committed by GitHub
parent e49069a9c6
commit b880622fd1
2 changed files with 34 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
GameEngine/Admin/Mods/editUsername.php
+12 -1
View File
@@ -60,7 +60,18 @@ if (!$admin || (int)$admin['access'] !== 9) {
// ---------------------------------------------------------------------------
// Validare username
// ---------------------------------------------------------------------------
if (strlen($username) < 3 || strlen($username) > 20 || !preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
// Mirror the sign-up rule (Account.php, issue #184) so an admin can rename a
// player to any name registration would accept. The allowed character set
// depends on USRNM_SPECIAL: when on, letters/digits/.-_ and single internal
// spaces; when off, ASCII alphanumerics only.
$usernameSpecial = defined('USRNM_SPECIAL') ? USRNM_SPECIAL : false;
$minLen = defined('USRNM_MIN_LENGTH') ? USRNM_MIN_LENGTH : 3;
$maxLen = defined('USRNM_MAX_LENGTH') ? USRNM_MAX_LENGTH : 15;
$charsOk = $usernameSpecial
? (bool)preg_match('/^[A-Za-z0-9._-]+(?: [A-Za-z0-9._-]+)*$/D', $username)
: !preg_match('/[^0-9A-Za-z]/', $username);
if (strlen($username) < $minLen || strlen($username) > $maxLen || !$charsOk) {
header("Location: ../../../Admin/admin.php?p=player&uid=$uid&e=invalid");
exit;
}