Commit 3a9a7f3d authored by drumm's avatar drumm

Fix git username validation

parent 1eb88c35
......@@ -249,6 +249,7 @@ function _drupalorg_git_gateway_username_set($account) {
'#type' => 'textfield',
'#title' => t('Requested Git username'),
'#required' => TRUE,
'#element_validate' => ['drupalorg_git_gateway_username_validate'],
'#maxlength' => 64,
'#default_value' => $account->git_username ?: $account->name,
'#description' => t('Can contain A-Z letters, numbers, periods, underscores, and dashes. Can not start with a dash; or end with a dash, dot, <code>.git</code>, or <code>.atom</code>.'),
......@@ -352,27 +353,29 @@ function drupalorg_git_gateway_user_form_base_validate($form, &$form_state) {
$form_state['git_consent'] = $form_state['account']->git_consent;
}
}
}
// If the git_username field is present, do some validation.
if (isset($form['username']['git_username'])) {
// Ensure the requested ID isn't taken.
if ($uid = db_query("SELECT uid FROM {users} WHERE git_username = :git_username AND uid <> :uid", array(':git_username' => $form_state['values']['git_username'], ':uid' => $form_state['account']->uid))->fetchField()) {
form_set_error('git_username', t('The requested Git username is already taken.'));
}
// And is a valid pattern. Adapted from NAMESPACE_FORMAT_REGEX in
// https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/path_regex.rb
// and project_name_regex in
// https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/regex.rb
// since Git usernames are used in sandbox project names.
elseif (!preg_match('/^(?:[a-zA-Z0-9_][a-zA-Z0-9_\-\.]*[a-zA-Z0-9_\-]|[a-zA-Z0-9_])(?<!\.git|\.atom)$/', $form_state['values']['git_username'])) {
form_set_error('git_username', t('The requested username contains invalid characters.'));
}
elseif (in_array(drupal_strtolower($form_state['values']['git_username']), variable_get('drupalorg_git_reserved_names', []))) {
form_set_error('git_username', t('The requested username is reserved, please choose a different Git username.'));
}
elseif (preg_match('/\.([^.]*)$/', $form_state['values']['git_username'], $match) && in_array($match[1], ['html', 'xhtml', 'text', 'txt', 'js', 'css', 'ics', 'csv', 'vcf', 'vtt', 'png', 'jpeg', 'jpg', 'jpe', 'pjpeg', 'gif', 'bmp', 'tiff', 'tif', 'svg', 'mpeg', 'mpg', 'mpe', 'mp3', 'mp1', 'mp2', 'ogg', 'oga', 'spx', 'opus', 'm4a', 'mpg4', 'aac', 'webm', 'mp4', 'm4v', 'otf', 'ttf', 'woff', 'woff2', 'xml', 'rss', 'atom', 'yaml', 'yml', 'multipart_form', 'url_encoded_form', 'pdf', 'zip', 'gzip', 'gz', 'diff', 'patch', 'markdown', 'md', 'mov', 'ogv', 'json', 'ico'])) {
form_set_error('git_username', t('The requested username is reserved, please choose a different Git username.'));
}
/**
* Element validate callback.
*/
function drupalorg_git_gateway_username_validate($element, $form_state) {
// Ensure the requested ID isn't taken.
if ($uid = db_query("SELECT uid FROM {users} WHERE git_username = :git_username AND uid <> :uid", [':git_username' => $element['#value'], ':uid' => $form_state['account']->uid])->fetchField()) {
form_set_error('git_username', t('The requested Git username is already taken.'));
}
// And is a valid pattern. Adapted from NAMESPACE_FORMAT_REGEX in
// https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/path_regex.rb
// and project_name_regex in
// https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/regex.rb
// since Git usernames are used in sandbox project names.
elseif (!preg_match('/^(?:[a-zA-Z0-9_][a-zA-Z0-9_\-\.]*[a-zA-Z0-9_\-]|[a-zA-Z0-9_])(?<!\.git|\.atom)$/', $element['#value'])) {
form_set_error('git_username', t('The requested username contains invalid characters.'));
}
elseif (in_array(drupal_strtolower($element['#value']), variable_get('drupalorg_git_reserved_names', []))) {
form_set_error('git_username', t('The requested username is reserved, please choose a different Git username.'));
}
elseif (preg_match('/\.([^.]*)$/', $element['#value'], $match) && in_array($match[1], ['html', 'xhtml', 'text', 'txt', 'js', 'css', 'ics', 'csv', 'vcf', 'vtt', 'png', 'jpeg', 'jpg', 'jpe', 'pjpeg', 'gif', 'bmp', 'tiff', 'tif', 'svg', 'mpeg', 'mpg', 'mpe', 'mp3', 'mp1', 'mp2', 'ogg', 'oga', 'spx', 'opus', 'm4a', 'mpg4', 'aac', 'webm', 'mp4', 'm4v', 'otf', 'ttf', 'woff', 'woff2', 'xml', 'rss', 'atom', 'yaml', 'yml', 'multipart_form', 'url_encoded_form', 'pdf', 'zip', 'gzip', 'gz', 'diff', 'patch', 'markdown', 'md', 'mov', 'ogv', 'json', 'ico'])) {
form_set_error('git_username', t('The requested username is reserved, please choose a different Git username.'));
}
}
......
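Review bot: The file-extension blocklist in the last `elseif` of `drupalorg_git_gateway_username_validate()` compares `$match[1]` case-sensitively, while the reserved-names check just above lowercases the value first, so a mixed-case suffix such as `.JSON` or `.Html` is not caught even though the pattern accepts upper-case letters. If the Git host that consumes these usernames treats format suffixes case-insensitively (not visible from this page), lowercasing closes the gap: `in_array(drupal_strtolower($match[1]), [...], TRUE)`. The same question applies to the `(?<!\.git|\.atom)` lookbehind, which could take the `i` modifier. Passing `TRUE` as the third argument to both `in_array()` calls would also rule out loose numeric-string matches against the reserved list. The one-line docblock could state that the callback checks uniqueness, format, reserved names and reserved extensions, and that it reads `$form_state['account']`, so every form attaching it via `#element_validate` has to provide that key.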