Support usernames containing brackets (#3365)

* wrapped $user in preg_quote function * updated auth test for special character in username Co-authored-by: Léo Colombaro <git@colombaro.fr> Co-authored-by: ྅༻ Ǭɀħ ༄༆ཉ <ozh@ozh.org>
2023-02-11 08:26:37 -08:00 · 2023-02-11 08:26:37 -08:00 · f2971a1a35
commit f2971a1a35
parent 2efcb9e93a
2 changed files with 2 additions and 1 deletions
--- a/includes/functions-auth.php
+++ b/includes/functions-auth.php
@ -213,7 +213,7 @@ function yourls_hash_passwords_now( $config_file ) {
 			// PHP would interpret $ as a variable, so replace it in storage.
 			$hash = str_replace( '$', '!', $hash );
 			$quotes = "'" . '"';
-			$pattern = "/[$quotes]{$user}[$quotes]\s*=>\s*[$quotes]" . preg_quote( $password, '/' ) . "[$quotes]/";
+			$pattern = "/[$quotes]" . preg_quote( $user, '/' ) . "[$quotes]\s*=>\s*[$quotes]" . preg_quote( $password, '/' ) . "[$quotes]/";
 			$replace = "'$user' => 'phpass:$hash' /* Password encrypted by YOURLS */ ";
 			$count = 0;
 			$configdata = preg_replace( $pattern, $replace, $configdata, -1, $count );
--- a/tests/data/auth/config-test-auth.php
+++ b/tests/data/auth/config-test-auth.php
@ -8,5 +8,6 @@ $yourls_user_passwords = array(
    'quote1'  => '"ahah"',
    'quote2'  => "'ahah'",
    'utf8fun' => 'أنا أحب النقانق',
+    's[p]e(c)i{a}!@#$%^&*-=l<>,/?' => 'password',
 	);