diff --git a/modules/feature-user-table.php b/modules/feature-user-table.php
index daef63a..ade12a7 100644
--- a/modules/feature-user-table.php
+++ b/modules/feature-user-table.php
@@ -76,7 +76,7 @@ register_module([
 if(!$env->is_admin) {
 http_response_code(401);
- exit(page_renderer::render_main("Error - Unauthorised - $settings->sitename", "

Only moderators (or better) may create users. You could try logging out and then logging in again as a moderator, or alternatively visit the user list instead, if that's what you're after.

"));
+ exit(page_renderer::render_main("Error: Unauthorised - Add User - $settings->sitename", "

Only moderators (or better) may create users. You could try logging out and then logging in again as a moderator, or alternatively visit the user list instead, if that's what you're after.

"));
 }
 if(!isset($_POST["user"])) {
@@ -88,7 +88,14 @@ register_module([
 $new_username = $_POST["user"];
 $new_email = $_POST["email"] ?? null;
- // TODO: Validate & sanitize username / email
+ if(preg_match('/[^0-9a-zA-Z\-_]/', $new_username) !== 0) {
+ http_response_code(400);
+ exit(page_renderer::render_main("Error: Invalid Username - Add User - $settings->sitename", "

The username " . htmlentities($new_username) . " contains some invalid characters. Only a-z, A-Z, 0-9, -, and _ are allowed in usernames. Go back.

"));
+ }
+ if(!empty($new_email) && !filter_var($new_email, FILTER_VALIDATE_EMAIL)) {
+ http_response_code(400);
+ exit(page_renderer::render_main("Error: Invalid Email Address - Add User - $settings->sitename", "

The email address " . htmlentities($new_email) . " appears to be invalid. Go back.

"));
+ }
 $new_password = generate_password($settings->new_password_length);