From 4519ce26e2250cb233836296d292ddb7b3cf6346 Mon Sep 17 00:00:00 2001
From: Phallacy
Date: Thu, 31 Jan 2019 00:24:53 -0800
Subject: Upgrade crypto provider, retarget better framework
---
 Emby.Server.Implementations/Library/UserManager.cs | 31 +++++++++++----------
 1 file changed, 15 insertions(+), 16 deletions(-)
(limited to 'Emby.Server.Implementations/Library')
diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index 05fce4542f..70639dad5f 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -4,6 +4,7 @@ using System.Globalization;
 using System.IO;
 using System.Linq;
 using System.Text;
+using System.Text.RegularExpressions;
 using System.Threading;
 using System.Threading.Tasks;
 using MediaBrowser.Common.Events;
@@ -220,22 +221,20 @@ namespace Emby.Server.Implementations.Library
 }
 }
- public bool IsValidUsername(string username)
- {
- // Usernames can contain letters (a-z), numbers (0-9), dashes (-), underscores (_), apostrophes ('), and periods (.)
- foreach (var currentChar in username)
- {
- if (!IsValidUsernameCharacter(currentChar))
- {
- return false;
- }
- }
- return true;
- }
-
- private static bool IsValidUsernameCharacter(char i)
- {
- return !char.Equals(i, '<') && !char.Equals(i, '>');
+ public bool IsValidUsername(string username)
+ {
+ //The old way was dumb, we should make it less dumb, lets do so.
+ //This is some regex that matches only on unicode "word" characters, as well as -, _ and @
+ //In theory this will cut out most if not all 'control' characters which should help minimize any weirdness
+ string UserNameRegex = "^[\\w-'._@]*$";
+ // Usernames can contain letters (a-z + whatever else unicode is cool with), numbers (0-9), dashes (-), underscores (_), apostrophes ('), and periods (.)
+ return Regex.IsMatch(username, UserNameRegex);
+ }
+
+ private static bool IsValidUsernameCharacter(char i)
+ {
+ string UserNameRegex = "^[\\w-'._@]*$";
+ return Regex.IsMatch(i.ToString(), UserNameRegex);
 }
 public string MakeValidUsername(string username)
-- cgit v1.2.3
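Review bot: The `$` anchor in `"^[\\w-'._@]*$"` also matches just before a final newline in .NET, so `IsValidUsername` accepts a name ending in `\n` and `IsValidUsernameCharacter('\n')` returns true, which contradicts the comment about cutting out control characters; anchoring with `\z` closes this, e.g. `string UserNameRegex = "^[\\w-'._@]*\\z";`. The `*` quantifier still accepts the empty string (as the old loop did), so a length check is needed here or in the caller if empty names are not intended. The pattern is duplicated in both methods and re-parsed on every call; one `private static readonly Regex` field would keep the two in sync. The comments disagree with the character class: the first omits `'` and `.`, the second omits `@`. The callers are outside this hunk, so it is worth confirming that existing accounts whose names contain now-rejected characters (a space, for instance) can still sign in and be edited.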