authorPhilip Häusler <msquare@notrademark.de>2013-12-27 19:45:50 +0100
committerPhilip Häusler <msquare@notrademark.de>2013-12-27 19:45:50 +0100
commit9da2ff6f9f8a422b17b45e4ec2eb4cd26c5669e9 (patch)
treeadc61a0095addf05f480bc54f006c6a72dc6e684 /includes
parent9d709b2a7349fc5b2ad9d84ddc36c505cccafed1 (diff)
#137 fixed xss on login
Diffstat (limited to 'includes')
-rw-r--r--includes/model/User_model.php8
-rw-r--r--includes/pages/guest_login.php8
2 files changed, 12 insertions, 4 deletions
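--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@@ -1,6 +1,14 @@
 <?php
 /**
+ * Strip unwanted characters from a users nick.
+ * @param string $nick
+ */
+function User_validate_Nick($nick) {
+ return preg_replace("/([^a-z0-9üöäß. _+*-]{1,})/ui", '', $nick);
+}
+
+/**
 * Returns user by id.
 *
 * @param $id UID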
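Review bot: `User_validate_Nick` returns null instead of a string whenever `preg_replace` fails, which with the `u` modifier on line 28 happens for any input that is not valid UTF-8, and neither the docblock nor the new callers account for that. Both callers hand the result straight to `strlen`, so a nick that is not valid UTF-8 fails the length check exactly like an empty one, with no way to tell the two apart. I would pin the return type by replacing the return with `$clean = preg_replace("/([^a-z0-9üöäß. _+*-]+)/ui", '', $nick);` and `return $clean === null ? '' : $clean;` (the `{1,}` quantifier is just `+`), and add `@return string the nick with every character outside the whitelist removed` to the docblock. The name suggests validation, but the function silently rewrites the input; a caller never learns that characters were dropped, which is worth stating in the docblock as well.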
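--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -40,8 +40,8 @@ function guest_register() {
 if (isset($_REQUEST['submit'])) {
 $ok = true;
- if (isset($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) {
- $nick = strip_request_item('nick');
+ if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) {
+ $nick = User_validate_Nick($_REQUEST['nick']);
 if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
 $ok = false;
 $msg .= error(sprintf(_("Your nick &quot;%s&quot; already exists."), $nick), true);
@@ -178,8 +178,8 @@ function guest_login() {
 if (isset($_REQUEST['submit'])) {
 $ok = true;
- if (isset($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 0) {
- $nick = strip_request_item('nick');
+ if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 0) {
+ $nick = User_validate_Nick($_REQUEST['nick']);
 $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'");
 if (count($login_user) > 0) {
 $login_user = $login_user[0];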
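Review bot: The length checks on lines 44 and 54 still accept a nick consisting only of spaces, because the whitelist in `User_validate_Nick` keeps `' '` and `strlen` counts bytes, so `'  '` passes `> 1` in guest_register and `' '` passes `> 0` in guest_login before being used for the SQL lookup and the message. Both hunks should trim the sanitised value before measuring it, `if (isset($_REQUEST['nick']) && strlen(trim(User_validate_Nick($_REQUEST['nick']))) > 1) {` and `$nick = trim(User_validate_Nick($_REQUEST['nick']));` (with `> 0` in guest_login); `mb_strlen` would additionally stop a single multibyte character such as `ü` from counting as two. Independently, line 48 still interpolates `$nick` into the HTML message unescaped, so the XSS fix rests entirely on the character whitelist; the `&quot;` already in the format string suggests `error()` emits its argument as raw HTML (not visible here), in which case `htmlspecialchars($nick, ENT_QUOTES, 'UTF-8')` at that call keeps the fix intact if the whitelist is ever widened. Both guest_register and guest_login continue outside the hunks.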