From 82d9bf5258a9627eac4c012f3d6f3e40036d0dee Mon Sep 17 00:00:00 2001
From: onefang
Date: Sun, 18 Aug 2019 15:45:43 +1000
Subject: Optimise account name validation.
---
 OpenSim/Server/Handlers/Web/WebServerConnector.cs | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
(limited to 'OpenSim')
diff --git a/OpenSim/Server/Handlers/Web/WebServerConnector.cs b/OpenSim/Server/Handlers/Web/WebServerConnector.cs
index cbfee3a..c4a0531 100644
--- a/OpenSim/Server/Handlers/Web/WebServerConnector.cs
+++ b/OpenSim/Server/Handlers/Web/WebServerConnector.cs
@@ -391,7 +391,8 @@ namespace OpenSim.Server.Handlers.Web
 if (("https://" + m_domain + ":" + m_https_port.ToString() + "/web/account.html") != headers["referer"].ToString())
 errors.Add("Invalid referer.");
 
- validateName(false, fields, ref errors);
+ // Include a check for god names if we are creating a new account.
+ string[] names = validateName(("create" == doit) || ("confirm" == doit), fields, ref errors);
 
 if ("logout" == doit)
 {
@@ -400,7 +401,6 @@ namespace OpenSim.Server.Handlers.Web
 }
 else if (("create" == doit) || ("confirm" == doit))
 {
- validateName(true, fields, ref errors);
 validateEmail(fields, ref errors);
 if ("confirm" == doit)
 validatePassword(fields, ref errors);
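Review bot: The condition `("create" == doit) || ("confirm" == doit)` now appears twice, once as the godCheck argument on the added `validateName` line and again in the `else if` a few lines further down, so the god-name check and the account-creation branch can drift apart if another account-creating action is added later. Naming it once, e.g. `bool creating = ("create" == doit) || ("confirm" == doit);`, and using `creating` in both places keeps the two tied together. The enclosing method starts and ends outside the hunk.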
@@ -412,9 +412,7 @@ namespace OpenSim.Server.Handlers.Web
 // UserAccounts FirstName and LastName fields are both varchar(64) utf8_general_ci.
 // The MySQL docs say that the "_ci" bit means comparisons will be case insensitive. So that should work fine.
 // No need for prepared SQL here, the names have already been checked.
- string[] names = fields["name"].ToString().Split(' ');
- long c = m_database.Count("UserAccounts", "FirstName = '" + names[0] + "' AND LastName = '" + names[1] + "'");
- if (0 != c)
+ if (0 != m_database.Count("UserAccounts", "FirstName = '" + names[0] + "' AND LastName = '" + names[1] + "'"))
 errors.Add("Pick a different name.");
 else if (("create" == doit))
 reply["str_response_string"] = accountCreationPage(fields, body);
@@ -553,10 +551,10 @@ namespace OpenSim.Server.Handlers.Web
 errors.Add("Can't find that email server, try a different email address.");
 }
 
- private void validateName(bool godCheck, Hashtable fields, ref List errors)
+ private string[] validateName(bool godCheck, Hashtable fields, ref List errors)
 {
 Regex rgxName = new Regex("^[a-zA-Z0-9]+$");
- string[] names;
+ string[] names = {"", ""};
 if ((null == fields["name"]) || ("" == fields["name"].ToString()))
 errors.Add("Please supply an account name.");
 else
@@ -612,6 +610,7 @@ namespace OpenSim.Server.Handlers.Web
 }
 }
 }
+ return names;
 }
 
 private void validatePassword(Hashtable fields, ref List errors)
-- 
cgit v1.1
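Review bot: The added `m_database.Count(...)` line still builds its WHERE clause by concatenating `names[0]` and `names[1]`, and those now come from `validateName`, which (per the hunks at -553 and -612) returns the array whether or not it added an error. The retained comment "the names have already been checked" therefore only holds if this code is reached with `errors` empty, and that guard is not visible in the hunk. I would either make the dependency explicit in the comment, e.g. `// Safe to concatenate only while errors is empty: both parts matched ^[a-zA-Z0-9]+$ in validateName().`, or switch to a parameterised query if the database wrapper offers one. The enclosing block starts outside the hunk.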
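Review bot: `validateName` now returns `names` but carries no comment stating what callers may assume about it, while the caller in the -412 hunk indexes `[0]` and `[1]` unconditionally. The `{"", ""}` initialiser covers the missing-name branch, but the assignment in the `else` branch lies outside the hunk, so whether the array always has two elements cannot be confirmed from here. A comment above the method such as `// Returns {first, last}; contents are only validated when no error was added.` would pin the contract. Separately, the `$` in the pattern on the unchanged `Regex` line also matches before a trailing newline in .NET; `\z` is the strict end anchor when the matched text later feeds SQL.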