Revert "Blacklist all files and directories in the web root (INSTALLDIR). Much more...

This reverts commit 15f9c80c28042a5f9d51ec8444e3c9c475360481.

So, so, elegant! And so, so, incorrect!

We can't have a user named 'notice' because that would interfere with
URLs like /notice/1234. However, there is no file named 'notice' in
the Web root.

If there were a way to automatically pull out the virtual paths in the
root dir, this may make sense. Until then, we keep track here.

diff --git a/classes/User.php b/classes/User.php
index 007662131c70a0a44702f1caa114e38f680d1ba5..7ab9f307aeb40cbcb71966e33a9b8233fdeee351 100644 (file)
--- a/classes/User.php
+++ b/classes/User.php
@@ -120,15 +120,11 @@ class User extends Memcached_DataObject
     function allowed_nickname($nickname)
     {
         // XXX: should already be validated for size, content, etc.
-
-        $blacklist = array();
-
-        //all directory and file names should be blacklisted
-        $d = dir(INSTALLDIR);
-        while (false !== ($entry = $d->read())) {
-            $blacklist[]=$entry;
-        }
-        $d->close();
+        static $blacklist = array('rss', 'xrds', 'doc', 'main',
+                                  'settings', 'notice', 'user',
+                                  'search', 'avatar', 'tag', 'tags',
+                                  'api', 'message', 'group', 'groups',
+                                  'local');
         $merged = array_merge($blacklist, common_config('nickname', 'blacklist'));
         return !in_array($nickname, $merged);
     }