From d9d42c7cea28ef6e1dde2ff894fc1be9b0b4bbe0 Mon Sep 17 00:00:00 2001
From: Yusuf Davids
Date: Thu, 1 Nov 2007 07:55:46 +0000
Subject: [PATCH] KTS-447 "Validation improvements needed when adding a user or group" Fixed. Added the preg match function to check for special characters.
---
 plugins/ktcore/admin/userManagement.php | 10 ++++++++++
 1 file changed, 10 insertions(+), 0 deletions(-)
diff --git a/plugins/ktcore/admin/userManagement.php b/plugins/ktcore/admin/userManagement.php
index 6b20e27..f97bb17 100755
--- a/plugins/ktcore/admin/userManagement.php
+++ b/plugins/ktcore/admin/userManagement.php
@@ -500,11 +500,21 @@ class KTUserAdminDispatcher extends KTAdminDispatcher {
 $this->errorRedirectTo('addUser', _kt("The passwords you specified do not match."), sprintf("old_search=%s&do_search=1", $old_search));
 }
 
+ if(preg_match('/[\!\$\#\%\^\&\*]/', $username)){
+ $this->errorRedirectTo('addUser', _kt("You have entered an invalid character in your username."));
+ }
+
+ if(preg_match('/[\!\$\#\%\^\&\*]/', $name)){
+ $this->errorRedirectTo('addUser', _kt("You have entered an invalid character in your name."));
+ }
+
 $dupUser =& User::getByUserName($username);
 if(!PEAR::isError($dupUser)) {
 $this->errorRedirectTo('addUser', _kt("A user with that username already exists"));
 }
+
+
 $oUser =& User::createFromArray(array(
 "sUsername" => $username,
 "sName" => $name,
-- 
libgit2 0.21.4
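Review bot: The two added `preg_match('/[\!\$\#\%\^\&\*]/', …)` checks are a deny-list of seven characters, so `<`, `>`, quotes, slashes, whitespace and control characters still pass into `User::createFromArray` as username and display name. For the username an allow-list is easier to reason about, for example `if (!preg_match('/^[A-Za-z0-9._@-]+$/', $username)) {` (the exact character set is a project decision), while the display name is better left permissive and escaped wherever it is rendered, since rejecting characters on input does not replace output encoding. Both new redirects also omit the `sprintf("old_search=%s&do_search=1", $old_search)` argument that the password-mismatch redirect just above passes, so the search state is presumably lost on these two errors. The enclosing method starts and ends outside the hunk, and only the add-user path is visible here; the group and edit paths named in the ticket title would need the same validation if they do not already have it.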