Commit fd9571f9 authored by Richard Mansfield's avatar Richard Mansfield Committed by Gerrit Code Review

Merge "Increase length of username column to 255"

parents da256ff0 5f1ad871
...@@ -132,6 +132,26 @@ class AuthInternal extends Auth { ...@@ -132,6 +132,26 @@ class AuthInternal extends Auth {
public function is_username_valid($username) { public function is_username_valid($username) {
return preg_match('/^[a-zA-Z0-9!@#$%^&*()\-_=+\[{\]}\\|;:\'",<\.>\/?`]{3,30}$/', $username); return preg_match('/^[a-zA-Z0-9!@#$%^&*()\-_=+\[{\]}\\|;:\'",<\.>\/?`]{3,30}$/', $username);
} }
/**
* Internal authentication allows most standard us-keyboard-typable characters
* for username, as long as the username is between three and 236
* characters in length.
*
* This method is NOT part of the authentication API. Other authentication
* methods never have to do anything regarding usernames being validated on
* the Mahara side, so they do not need this method.
*
* This method is meant to only be called for validation by an admin of the user
* and is able to set a password longer than thirty characters in length
*
* @param string $username The username to check
* @return bool Whether the username is valid
*/
public function is_username_valid_admin($username) {
return preg_match('/^[a-zA-Z0-9!@#$%^&*()\-_=+\[{\]}\\|;:\'",<\.>\/?`]{3,236}$/', $username);
}
/** /**
* Changes the user's username. * Changes the user's username.
...@@ -144,10 +164,19 @@ class AuthInternal extends Auth { ...@@ -144,10 +164,19 @@ class AuthInternal extends Auth {
* @return string The new username, or the original username if it could not be set * @return string The new username, or the original username if it could not be set
*/ */
public function change_username(User $user, $username) { public function change_username(User $user, $username) {
global $USER;
$this->must_be_ready(); $this->must_be_ready();
// proposed username must pass validation // proposed username must pass validation
if ($this->is_username_valid($username)) { $valid = false;
if ($USER->is_admin_for_user($user)) {
$valid = $this->is_username_valid_admin($username);
} else {
$valid = $this->is_username_valid($username);
}
if ($valid) {
$user->username = $username; $user->username = $username;
$user->commit(); $user->commit();
} }
......
...@@ -76,7 +76,7 @@ ...@@ -76,7 +76,7 @@
<TABLE NAME="usr"> <TABLE NAME="usr">
<FIELDS> <FIELDS>
<FIELD NAME="id" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="true"/> <FIELD NAME="id" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="true"/>
<FIELD NAME="username" TYPE="char" LENGTH="100" NOTNULL="true"/> <FIELD NAME="username" TYPE="char" LENGTH="255" NOTNULL="true"/>
<FIELD NAME="password" TYPE="char" LENGTH="40" NOTNULL="true"/> <FIELD NAME="password" TYPE="char" LENGTH="40" NOTNULL="true"/>
<FIELD NAME="salt" TYPE="char" LENGTH="8"/> <FIELD NAME="salt" TYPE="char" LENGTH="8"/>
<FIELD NAME="passwordchange" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0"/> <FIELD NAME="passwordchange" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0"/>
......
...@@ -2262,5 +2262,12 @@ function xmldb_core_upgrade($oldversion=0) { ...@@ -2262,5 +2262,12 @@ function xmldb_core_upgrade($oldversion=0) {
} }
} }
if ($oldversion < 2011050600) {
$table = new XMLDBTable('usr');
$field = new XMLDBField('username');
$field->setAttributes(XMLDB_TYPE_CHAR, 255, null, XMLDB_NOTNULL);
change_field_precision($table, $field);
}
return $status; return $status;
} }
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
defined('INTERNAL') || die(); defined('INTERNAL') || die();
$config = new StdClass; $config = new StdClass;
$config->version = 2011050300; $config->version = 2011050600;
$config->release = '1.4.0alpha2dev'; $config->release = '1.4.0alpha2dev';
$config->minupgradefrom = 2008040200; $config->minupgradefrom = 2008040200;
$config->minupgraderelease = '1.0.0 (release tag 1.0.0_RELEASE)'; $config->minupgraderelease = '1.0.0 (release tag 1.0.0_RELEASE)';
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment