summaryrefslogtreecommitdiffstats
path: root/pages/cp.php
diff options
context:
space:
mode:
Diffstat (limited to 'pages/cp.php')
-rw-r--r--pages/cp.php7
1 files changed, 5 insertions, 2 deletions
diff --git a/pages/cp.php b/pages/cp.php
index 0f355f4..88c391a 100644
--- a/pages/cp.php
+++ b/pages/cp.php
@@ -34,9 +34,11 @@ include('./includes/maps.php');
include_once('./includes/sqlEmbedded.php');
include_once('./includes/chats.php');
+define('NAME_MAX_LENGTH', 25);
+
function validatename($name) {
if (strlen($name) < 1) return "Name to short";
- if (strlen($name) > 25) return "Name is too long (".strlen($name)."/25)";
+ if (strlen($name) > NAME_MAX_LENGTH) return "Name is too long (".strlen($name)."/25)";
if (!preg_match("~[a-zA-Z0-9]\b~", $name)) return "Must contain atleast 1 Alpha-Numerical character";
return true;
@@ -75,8 +77,9 @@ if (isset($_POST['updateSettings']) AND $_POST['updateSettings'] == 'true') {
$nameError = validatename($inputname);
//$inputname = htmlentities($inputname);
- $inputname = htmlspecialchars($inputname, ENT_COMPAT | ENT_HTML5);
$inputname = filterStringForBadLanguage($inputname);
+ $inputname = substr($inputname, 0, NAME_MAX_LENGTH); //Prevent chat filter from increasing name length too much
+ $inputname = htmlspecialchars($inputname, ENT_COMPAT | ENT_HTML5);
$inputname = str_replace(" ", "&nbsp;&nbsp;", $inputname);
if ($nameError === true) {
generated by cgit v1.2.3 (git 2.46.0) at 2025-06-28 23:39:00 +0000