From: Tim Düsterhus
Date: Wed, 19 Apr 2023 12:54:33 +0000 (+0200)
Subject: Require usernames to be valid UTF-8
X-Git-Tag: 6.0.0_Alpha_1~231^2~1
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0cc6aa56c26c3f911cde949aba6c0e5191c2ced3;p=GitHub%2FWoltLab%2FWCF.git

Require usernames to be valid UTF-8
---
diff --git a/wcfsetup/install/files/lib/util/UserUtil.class.php b/wcfsetup/install/files/lib/util/UserUtil.class.php
index d8487459a5..cbb89c476b 100644
--- a/wcfsetup/install/files/lib/util/UserUtil.class.php
+++ b/wcfsetup/install/files/lib/util/UserUtil.class.php
@@ -24,10 +24,14 @@ final class UserUtil
 return false;
 }
 
- // check illegal characters
- if (!\preg_match('/^[^\x00-\x19,]+$/', $name)) {
+ // Check for invalid bytes:
+ // (a) ASCII control characters (0x00 - 0x19) are unacceptable.
+ // (b) The comma is unacceptable (used as a separator in lists).
+ // (c) Invalid UTF-8 sequences are unacceptable.
+ if (!\preg_match('/^[^\x00-\x19,]+$/u', $name)) {
 return false;
 }
+
 // check long words
 $words = \preg_split('!\s+!', $name, -1, \PREG_SPLIT_NO_EMPTY);
 foreach ($words as $word) {
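Review bot: The character class in the rewritten `preg_match` stops at `\x19`, but ASCII control characters run through `\x1F` (plus `\x7F`), so ESC and the bytes 0x1A–0x1F still pass, and the new comment (a) now documents that short range as if it were intended. Separately, `$` without the `D` modifier also matches before a final newline, so a name ending in `\n` appears to pass even though `\x0A` is in the excluded class, unless code outside this hunk trims the name first. Consider `if (!\preg_match('/^[^\x00-\x1F\x7F,]+\z/u', $name)) {` and changing comment (a) to read `0x00 - 0x1F and 0x7F`; existing accounts whose names contain those bytes would need checking before the rule is tightened. The enclosing method begins before the hunk and continues after it.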