From d9fd270d698996d36749cfb0b66a259a68d1f92e Mon Sep 17 00:00:00 2001
From: Andrey Kutejko <andy128k@gmail.com>
Date: Mon, 6 Apr 2015 20:50:16 +0300
Subject: [PATCH] auth admin: validate username

---
 ipf/auth/admin.php       |  3 ++-
 ipf/form/field/regex.php | 24 ++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 ipf/form/field/regex.php

diff --git a/ipf/auth/admin.php b/ipf/auth/admin.php
index 380dc46..e7fe4e2 100644
--- a/ipf/auth/admin.php
+++ b/ipf/auth/admin.php
@@ -32,11 +32,12 @@ class UserForm extends \IPF_ObjectForm
     {
         $this->isAdd = $extra['is_add'];
 
-        $this->fields['username'] = new \IPF_Form_Field_Varchar(array(
+        $this->fields['username'] = new \IPF_Form_Field_Regex(array(
             'required'    => true,
             'max_length'  => 32,
             'label'       => __('Username'),
             'help_text'   => __('Required. 32 characters or less. Alphanumeric characters only (letters, digits and underscores).'),
+            'regex'       => '/^[a-zA-Z0-9_]{1,32}$/',
         ));
 
         $this->fields['password1'] = new \IPF_Form_Field_Varchar(array(
diff --git a/ipf/form/field/regex.php b/ipf/form/field/regex.php
new file mode 100644
index 0000000..a530dff
--- /dev/null
+++ b/ipf/form/field/regex.php
@@ -0,0 +1,24 @@
+<?php
+
+class IPF_Form_Field_Regex extends IPF_Form_Field
+{
+    public $widget = 'IPF_Form_Widget_TextInput';
+    public $regex = '/.*/';
+    public $error_message = null;
+
+    public function clean($value)
+    {
+        parent::clean($value);
+        if (in_array($value, $this->empty_values)) {
+            return '';
+        }
+        if (!preg_match($this->regex, $value)) {
+            $error_message = $this->error_message;
+            if (!$error_message)
+                $error_message = __('Invalid value');
+            throw new IPF_Exception_Form($error_message);
+        }
+        return $value;
+    }
+}
+
-- 
2.49.0