Soft Hyphen prevention MOD-patch for PHPBB
Posted: January 28 2006, by Atomo64 (Site Admin)

Since this problem is very important (and it is going to be exploited), I wrote a small MOD that prevents users from registering/posting with usernames that contain anything other than alphanumeric characters, - and _.
I already submitted this to the PHPBB security tracker, but while they take care of that, here it is:
Code:
##############################################################
## MOD Title: Soft Hyphen Prevention Patch [2.0.19]
## MOD Author: Atomo64 <atomo64@atomo64.tk> (Raphael) http://www.atomo64.tk
## MOD Description: This MOD prevents the users from using non-alphanumeric characters (but allows '-' and '_')
## MOD Version: 0.0.2
##
## Installation Level: Easy
## Installation Time: <2 Minutes
## Files To Edit: posting.php,
##      includes/usercp_register.php,
##      language/lang_english/lang_main.php
## Included Files: N/A
## License: http://creativecommons.org/licenses/by-nc-sa/2.0/uk/ Creative Commons Attribution-NonCommercial-ShareAlike 2.0 UK
##############################################################
## For security purposes, please check: http://www.phpbb.com/mods/
## for the latest version of this MOD. Although MODs are checked
## before being allowed in the MODs Database there is no guarantee
## that there are no security problems within the MOD. No support
## will be given for MODs not found within the MODs Database which
## can be found at http://www.phpbb.com/mods/
##############################################################
## Author Notes:
## This is a temporary patch, since the soft hyphen error is not in PHPBB code
##############################################################
## MOD History:
##
##   2006-01-28 - Version 0.0.2
##      - Fixed a bug when the user is registered(when posting)
##
##   2006-01-28 - Version 0.0.1
##      - First version
##
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD
##############################################################

#
#-----[ OPEN ]------------------------------------------
#
language/lang_english/lang_main.php
#
#-----[ FIND ]------------------------------------------
#
$lang['Please_remove_install_contrib'] = 'Please ensure both the install/ and contrib/ directories are deleted';
#
#-----[ AFTER, ADD ]------------------------------------------
#
$lang['Not_Good_Name']="Sorry, but the username contains not allowed characters";
#
#-----[ OPEN ]------------------------------------------
#
posting.php
#
#-----[ FIND ]------------------------------------------
#
      $username = ( !empty($HTTP_POST_VARS['username']) ) ? $HTTP_POST_VARS['username'] : '';
#
#-----[ AFTER, ADD ]------------------------------------------
#
      // D modifier: $ matches only at the very end, not before a trailing newline
      if (!empty($username)&&!preg_match("/^[a-zA-Z0-9_-]+$/D", $username))
      {
         message_die(GENERAL_MESSAGE, $lang["Not_Good_Name"]);
      }
#
#-----[ OPEN ]------------------------------------------
#
includes/usercp_register.php
#
#-----[ FIND ]------------------------------------------
#
      if ( empty($username) )
      {
         // Error is already triggered, since one field is empty.
         $error = TRUE;
      }
#
#-----[ AFTER, ADD ]------------------------------------------
#
      // D modifier: $ matches only at the very end, not before a trailing newline
      else if (!preg_match("/^[a-zA-Z0-9_-]+$/D", $username))
      {
         message_die(GENERAL_MESSAGE, $lang["Not_Good_Name"]);
      }
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM


Notes: This prevention patch is unofficial, nobody from the phpBB team has verified this patch. And this is not a phpBB bug, the bug is in the browsers that don't display the soft hyphen character. This patch is just a way to prevent the users of your forums from using some characters.

EDIT: According to the specifications, this is not a browser bug, so this patch must be used, and it is the forum system's fault that a user can create an account with a username including a soft hyphen.

If you think that the prevention patch should just prevent the users from using the soft hyphen (0xAD), instead of all other non-alphanumeric characters, post here.

Thanks to Whitedust for the bug report.

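The allowlist from the MOD next to the soft-hyphen-only alternative raised in the post, as an added PHP example (not part of the original MOD; the function names and sample usernames are constructed). It also shows why the pattern should carry the `D` modifier: without it, `$` matches before a trailing newline.

```php
<?php
// Added example: function names and sample usernames are constructed.

// Allowlist from the MOD. The D modifier makes $ match only at the very end.
function username_allowed(string $name): bool
{
    return preg_match('/^[a-zA-Z0-9_-]+$/D', $name) === 1;
}

// Same pattern without D: $ also matches just before a final "\n".
function username_allowed_no_d(string $name): bool
{
    return preg_match('/^[a-zA-Z0-9_-]+$/', $name) === 1;
}

// The narrower alternative: reject only the soft hyphen. This is a byte-level
// check for 0xAD, which covers ISO-8859-1 (0xAD) and UTF-8 (0xC2 0xAD), but it
// also flags other UTF-8 characters whose encoding contains that byte.
function has_soft_hyphen(string $name): bool
{
    return strpos($name, "\xAD") !== false;
}

// Constructed sample usernames.
$samples = [
    'plain'              => 'Atomo64',
    'soft hyphen latin1' => "Ato\xADmo64",
    'soft hyphen utf-8'  => "Ato\xC2\xADmo64",
    'zero width space'   => "Ato\xE2\x80\x8Bmo64",
    'trailing newline'   => "Atomo64\n",
];

foreach ($samples as $label => $name) {
    printf(
        "%-20s allowlist=%-6s allowlist_no_D=%-6s soft_hyphen_only=%s\n",
        $label,
        username_allowed($name) ? 'accept' : 'reject',
        username_allowed_no_d($name) ? 'accept' : 'reject',
        has_soft_hyphen($name) ? 'reject' : 'accept'
    );
}
```

The zero-width-space row is the case that separates the two approaches: the soft-hyphen-only check accepts it, while the allowlist rejects every byte outside `a-zA-Z0-9_-`.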
Posted: January 28 2006, by martijn (New user)

Thanks, will apply this to all my boards ;)