Better checks during User::register and improved Nickname checks

[quix0rs-gnu-social.git] / classes / User.php

diff --git a/classes/User.php b/classes/User.php
index 1508ed97b2ca1bf3ec184218155a0fe756751a77..33fabf829621860366992e7b335501d2fb6fe526 100644 (file)
--- a/classes/User.php
+++ b/classes/User.php
@@ -177,38 +177,6 @@ class User extends Managed_DataObject
         return $result;
     }
 
-    /**
-     * Check whether the given nickname is potentially usable, or if it's
-     * excluded by any blacklists on this system.
-     *
-     * WARNING: INPUT IS NOT VALIDATED OR NORMALIZED. NON-NORMALIZED INPUT
-     * OR INVALID INPUT MAY LEAD TO FALSE RESULTS.
-     *
-     * @param string $nickname
-     * @return boolean true if clear, false if blacklisted
-     */
-    static function allowed_nickname($nickname)
-    {
-        // XXX: should already be validated for size, content, etc.
-        $blacklist = common_config('nickname', 'blacklist');
-
-        //all directory and file names should be blacklisted
-        $d = dir(INSTALLDIR);
-        while (false !== ($entry = $d->read())) {
-            $blacklist[]=$entry;
-        }
-        $d->close();
-
-        //all top level names in the router should be blacklisted
-        $router = Router::get();
-        foreach(array_keys($router->m->getPaths()) as $path){
-            if(preg_match('/^\/(.*?)[\/\?]/',$path,$matches)){
-                $blacklist[]=$matches[1];
-            }
-        }
-        return !in_array($nickname, $blacklist);
-    }
-
     /**
      * Get the most recent notice posted by this user, if any.
      *
@@ -258,19 +226,18 @@ class User extends Managed_DataObject
 
         $profile = new Profile();
 
-        if(!empty($email))
-        {
+        if (!empty($email)) {
             $email = common_canonical_email($email);
         }
 
-        $nickname = common_canonical_nickname($nickname);
-        $profile->nickname = $nickname;
-        if(! User::allowed_nickname($nickname)){
-            common_log(LOG_WARNING, sprintf("Attempted to register a nickname that is not allowed: %s", $profile->nickname),
-                       __FILE__);
+        try {
+            $profile->nickname = Nickname::normalize($nickname, true);
+        } catch (NicknameException $e) {
+            common_log(LOG_WARNING, sprintf('Bad nickname during User registration for %s: %s', $profile->nickname, $e->getMessage()), __FILE__);
             return false;
         }
-        $profile->profileurl = common_profile_url($nickname);
+
+        $profile->profileurl = common_profile_url($profile->nickname);
 
         if (!empty($fullname)) {
             $profile->fullname = $fullname;
@@ -298,7 +265,7 @@ class User extends Managed_DataObject
 
         $user = new User();
 
-        $user->nickname = $nickname;
+        $user->nickname = $profile->nickname;
 
         $invite = null;
 
@@ -338,7 +305,6 @@ class User extends Managed_DataObject
             $profile->query('BEGIN');
 
             $id = $profile->insert();
-
             if (empty($id)) {
                 common_log_db_error($profile, 'INSERT', __FILE__);
                 return false;
@@ -360,6 +326,7 @@ class User extends Managed_DataObject
 
             if (!$result) {
                 common_log_db_error($user, 'INSERT', __FILE__);
+                $profile->query('ROLLBACK');
                 return false;
             }
 
@@ -388,6 +355,7 @@ class User extends Managed_DataObject
 
             if (!$result) {
                 common_log_db_error($subscription, 'INSERT', __FILE__);
+                $profile->query('ROLLBACK');
                 return false;
             }
 
@@ -409,6 +377,7 @@ class User extends Managed_DataObject
 
                 if (!$result) {
                     common_log_db_error($confirm, 'INSERT', __FILE__);
+                    $profile->query('ROLLBACK');
                     return false;
                 }
             }