#137 fixed xss on login

author: Philip Häusler <msquare@notrademark.de> 2013-12-27 19:45:50 +0100
committer: Philip Häusler <msquare@notrademark.de> 2013-12-27 19:45:50 +0100
commit: 9da2ff6f9f8a422b17b45e4ec2eb4cd26c5669e9 (patch)
tree: adc61a0095addf05f480bc54f006c6a72dc6e684 /includes/model/User_model.php
parent: 9d709b2a7349fc5b2ad9d84ddc36c505cccafed1 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/includes/model/User_model.php b/includes/model/User_model.php
index 523685df..a69c288c 100644
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@@ -1,6 +1,14 @@
 <?php
 
 /**
+ * Strip unwanted characters from a users nick.
+ * @param string $nick
+ */
+function User_validate_Nick($nick) {
+  return preg_replace("/([^a-z0-9üöäß. _+*-]{1,})/ui", '', $nick);
+}
+
+/**
  * Returns user by id.
  *
  * @param $id UID
author	Philip Häusler <msquare@notrademark.de>	2013-12-27 19:45:50 +0100
committer	Philip Häusler <msquare@notrademark.de>	2013-12-27 19:45:50 +0100
commit	9da2ff6f9f8a422b17b45e4ec2eb4cd26c5669e9 (patch)
tree	adc61a0095addf05f480bc54f006c6a72dc6e684 /includes/model/User_model.php
parent	9d709b2a7349fc5b2ad9d84ddc36c505cccafed1 (diff)