diff --git a/titanembeds/blueprints/api/api.py b/titanembeds/blueprints/api/api.py
index 9b394cb..6ef8676 100644
--- a/titanembeds/blueprints/api/api.py
+++ b/titanembeds/blueprints/api/api.py
@@ -274,8 +274,11 @@ def create_unauthenticated_user():
 username = request.form['username']
 guild_id = request.form['guild_id']
 ip_address = get_client_ipaddr()
+ username = username.strip()
 if len(username) < 2 or len(username) > 32:
 abort(406)
+ if not all(x.isalpha() or x.isspace() or "-" == x or "_" == x for x in username):
+ abort(406)
 if not check_guild_existance(guild_id):
 abort(404)
 if not guild_query_unauth_users_bool(guild_id):
diff --git a/titanembeds/static/js/embed.js b/titanembeds/static/js/embed.js
index 4d139b5..46037d3 100644
--- a/titanembeds/static/js/embed.js
+++ b/titanembeds/static/js/embed.js
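Review bot: The new character check rejects digits, because `x.isalpha()` is false for `"0"`–`"9"`, while the client regex added to embed.js in this same commit accepts `\d` and both toasts tell the user that alphanumeric names are allowed; a name like `guest1` therefore passes the browser and is answered with 406 here. Accepting what the client advertises would be `if not all(x.isalnum() or x.isspace() or x in "-_" for x in username):`. Note also that `isalnum()`/`isalpha()` and `isspace()` accept any Unicode letter, digit or whitespace (tabs and newlines included), which is wider than the ASCII class the client enforces; if the ASCII set is the intended contract, an explicit `re.fullmatch(r"[A-Za-z0-9 _-]+", username)` would keep server and client in step (whether `re` is already imported is not visible here). The body of create_unauthenticated_user continues past the end of the hunk.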
@@ -341,20 +341,28 @@ $("#discordlogin_btn").click(function() {
 });
 $("#custom_username_field").keyup(function(event){
- if(event.keyCode == 13 && $(this).val().length >= 2 && $(this).val().length <= 32) {
- lock_login_fields();
- var usr = create_unauthenticated_user($(this).val());
- usr.done(function(data) {
- initialize_embed();
- });
- usr.fail(function(data) {
- if (data.status == 429) {
- Materialize.toast('Sorry! You are allowed to log in as a guest once every 15 minutes.', 10000);
- } else if (data.status == 403) {
- Materialize.toast('Authentication error! You have been banned.', 10000);
- }
- unlock_login_fields();
- })
+ if (event.keyCode == 13) {
+ if (!(new RegExp(/^[a-z\d\-_\s]+$/i).test($(this).val()))) {
+ Materialize.toast('Illegal username provided! Only alphanumeric, spaces, dashes, and underscores allowed in usernames.', 10000);
+ return;
+ }
+ if($(this).val().length >= 2 && $(this).val().length <= 32) {
+ lock_login_fields();
+ var usr = create_unauthenticated_user($(this).val());
+ usr.done(function(data) {
+ initialize_embed();
+ });
+ usr.fail(function(data) {
+ if (data.status == 429) {
+ Materialize.toast('Sorry! You are allowed to log in as a guest once every 15 minutes.', 10000);
+ } else if (data.status == 403) {
+ Materialize.toast('Authentication error! You have been banned.', 10000);
+ } else if (data.status == 406) {
+ Materialize.toast('Illegal username provided! Only alphanumeric, spaces, dashes, and underscores allowed in usernames.', 10000);
+ }
+ unlock_login_fields();
+ })
+ }
 }
 });
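Review bot: The client validates and measures the raw field value while the server in this commit strips it first, so an input such as `" a"` satisfies the `length >= 2` test here, is shortened to one character server-side, and the user is shown the "Illegal username" toast for a length problem; the regex test also runs before the length test, so pressing Enter on an empty field reports an illegal username rather than doing nothing. Trimming once and reusing the result for the regex, the length check and the request mirrors the server and removes the double `$(this).val()` reads. As a point of style, `new RegExp(/…/i)` wraps a literal that is already a RegExp; `/^[a-z\d\-_\s]+$/i.test(name)` is equivalent.

```javascript
$("#custom_username_field").keyup(function(event){
    if (event.keyCode == 13) {
        var name = $(this).val().trim();
        if (!/^[a-z\d\-_\s]+$/i.test(name)) {
            Materialize.toast('Illegal username provided! Only alphanumeric, spaces, dashes, and underscores allowed in usernames.', 10000);
            return;
        }
        if (name.length >= 2 && name.length <= 32) {
            lock_login_fields();
            var usr = create_unauthenticated_user(name);
            // … unchanged: done/fail handlers and unlock_login_fields() …
```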