From b5a4b4980a1284f55d9a4c833f6892aaeb707406 Mon Sep 17 00:00:00 2001
From: Adarnof
Date: Sun, 29 Nov 2015 01:57:35 +0000
Subject: [PATCH] Scrubs usernames on registration allowing only letters, numbers and underscores. Should prevent issue #46 from appearing on new installs.
---
 registration/forms.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/registration/forms.py b/registration/forms.py
index 9a6b8324..da570c7c 100644
--- a/registration/forms.py
+++ b/registration/forms.py
@@ -1,5 +1,6 @@
 from django import forms
 from django.contrib.auth.models import User
+import re
 class RegistrationForm(forms.Form):
@@ -11,7 +12,7 @@ class RegistrationForm(forms.Form):
 def clean(self):
 if ' ' in self.cleaned_data['username']:
- raise forms.ValidationError(u'Username can not contain a space')
+ raise forms.ValidationError(u'Username cannot contain a space')
 # We attempt to get the user object if we succeed we know email as been used
 try:
@@ -20,6 +21,9 @@ class RegistrationForm(forms.Form):
 except: pass
+ if not re.match("^\w+$", self.cleaned_data['username']):
+ raise forms.ValidationError(u'Username contains illegal characters')
+
 if 'password' in self.cleaned_data and 'password_again' in self.cleaned_data:
 if self.cleaned_data['password'] != self.cleaned_data['password_again']:
 raise forms.ValidationError(u'Passwords do not match')
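Review bot: The username check added in the last hunk (`@@ -20,6 +21,9 @@`), `re.match("^\w+$", ...)`, accepts more than the "letters, numbers and underscores" the commit message promises: `$` also matches just before a trailing newline, so a value ending in a newline passes, and under Python 3 (or with `re.UNICODE`) `\w` admits any Unicode word character rather than only the ASCII set. Anchoring the end with `\Z`, spelling the class out and using a raw string closes both gaps: `if not re.match(r'^[A-Za-z0-9_]+\Z', self.cleaned_data['username']):`. With that in place the earlier `' ' in self.cleaned_data['username']` test becomes redundant and could be folded into this one message. `clean()` starts in the previous hunk and continues past this one, so how the validated name is used afterwards is not visible here.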