X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=install.php;h=8a299f89755bc13d2c51466c85681d3f90f7c1aa;hb=878461d50d36808fa812e0d4a0e1784e31dbbd6f;hp=fbedbaf0179a254406d0b8ef0f12020a0653f476;hpb=053aafe5fbd1a0026831c28bf8b382ff44bb9de6;p=quix0rs-gnu-social.git

diff --git a/install.php b/install.php
index fbedbaf017..8a299f8975 100644
--- a/install.php
+++ b/install.php
@@ -589,7 +589,7 @@ function handlePost()
     $sitename = $_POST['sitename'];
     $fancy    = !empty($_POST['fancy']);
 
-    $adminNick = $_POST['admin_nickname'];
+    $adminNick = strtolower($_POST['admin_nickname']);
     $adminPass = $_POST['admin_password'];
     $adminPass2 = $_POST['admin_password2'];
     $adminEmail = $_POST['admin_email'];
@@ -630,6 +630,19 @@ STR;
         updateStatus("No initial StatusNet user nickname specified.", true);
         $fail = true;
     }
+    if ($adminNick && !preg_match('/^[0-9a-z]{1,64}$/', $adminNick)) {
+        updateStatus('The user nickname "' . htmlspecialchars($adminNick) .
+                     '" is invalid; should be plain letters and numbers no longer than 64 characters.', true);
+        $fail = true;
+    }
+    // @fixme hardcoded list; should use User::allowed_nickname()
+    // if/when it's safe to have loaded the infrastructure here
+    $blacklist = array('main', 'admin', 'twitter', 'settings', 'rsd.xml', 'favorited', 'featured', 'favoritedrss', 'featuredrss', 'rss', 'getfile', 'api', 'groups', 'group', 'peopletag', 'tag', 'user', 'message', 'conversation', 'bookmarklet', 'notice', 'attachment', 'search', 'index.php', 'doc', 'opensearch', 'robots.txt', 'xd_receiver.html', 'facebook');
+    if (in_array($adminNick, $blacklist)) {
+        updateStatus('The user nickname "' . htmlspecialchars($adminNick) .
+                     '" is reserved.', true);
+        $fail = true;
+    }
 
     if (empty($adminPass)) {
         updateStatus("No initial StatusNet user password specified.", true);
@@ -891,7 +904,7 @@ function registerInitialUser($nickname, $password, $email, $adminUpdates)
 
     if (class_exists('Ostatus_profile') && $adminUpdates) {
         try {
-            $oprofile = Ostatus_profile::ensureProfile('http://update.status.net/');
+            $oprofile = Ostatus_profile::ensureProfileURL('http://update.status.net/');
             Subscription::start($user->getProfile(), $oprofile->localProfile());
             updateStatus("Set up subscription to <a href='http://update.status.net/'>update@status.net</a>.");
         } catch (Exception $e) {