Diffstat (limited to 'ctl.c')
-rw-r--r--ctl.c49
1 files changed, 47 insertions, 2 deletions
diff --git a/ctl.c b/ctl.c
index 712b31a..a3eb920 100644
--- a/ctl.c
+++ b/ctl.c
@@ -21,6 +21,23 @@ printdate(int timestamp)
printf(buf);
}
+/* Print HTML-escaped string. */
+void
+printhtml(char *s)
+{
+ char *t;
+
+ for(t = s; *t; t++)
+ switch(*t){
+ case '&': printf("&"); break;
+ case '\"': printf("""); break;
+ case '\'': printf("'"); break;
+ case '<': printf("&lt;"); break;
+ case '>': printf("&gt;"); break;
+ default: printf("%c", *t);
+ }
+}
+
/*
* The `new' functions provide a way to add a new attachment/post/user.
* On GET, they show a form. On POST, they insert the posted information
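Review bot: As the hunk reads, the `'&'`, `'\"'` and `'\''` cases of printhtml emit the character unchanged (and `printf(""");` is not even a valid string literal), so either the page has lost the HTML entities or the escaper does not escape the three characters that matter most for attribute context; the intended lines are `case '&': fputs("&amp;", stdout); break;`, `case '\"': fputs("&quot;", stdout); break;`, `case '\'': fputs("&#39;", stdout); break;`. Worth confirming against the committed file, since a browser rendering of `&amp;` would look exactly like this. Separately, the function never writes through `s`, so `void printhtml(const char *s)` documents the contract and lets callers pass literals; `putchar(*t)` is the cheaper spelling of the default case. The `printf(buf)` context line just above is pre-existing, but it is a non-literal format string and deserves its own fix.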
@@ -39,6 +56,7 @@ newuser()
{
char *confirm, *hlite, msg[128], *name, *full, *p, *pass, *v;
char title[] = "New User";
+ int i;
*msg = 0;
confirm = hlite = name = full = pass = NULL;
@@ -73,8 +91,14 @@ newuser()
}
/* Decode URL-encoded fields. */
+ if(name && *name)
+ name[urldecode(name, -1)] = 0;
+ if(full && *full)
+ full[urldecode(full, -1)] = 0;
+ if(pass && *pass)
+ pass[urldecode(pass, -1)] = 0;
- /* Restrain lengths of decoded fields. */
+ /* Constrain lengths of decoded fields. */
if(name && *name && strlen(name)-1 > MAXUSERNAME){
hlite = strdup("name");
snprintf(msg, 128, "Username longer than %d characters",
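Review bot: The return value of `urldecode(name, -1)` is used directly as the index for the terminating write, `name[urldecode(name, -1)] = 0;`, with no check; urldecode is declared outside this hunk, so if it reports a malformed `%xx` escape with a negative return, that becomes a write before the start of the buffer, and the same applies to `full` and `pass`. Safer is to capture and test it first, using the `int i` this commit adds to newuser: `if((i = urldecode(name, -1)) < 0){ snprintf(msg, 128, "Malformed field"); goto err; }` followed by `name[i] = 0;`. If urldecode is documented never to fail, a one-line comment saying so at the call site would stop the next reader from asking.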
@@ -94,13 +118,34 @@ newuser()
goto err;
}
+#define ISVIS(c) ((unsigned int)c >= 20)
+#define ISALNUM(c) (c>='A' && c<='Z' || c>='a' && c<='z' || c>='0' && c<='9')
+
+ /* Constrain character sets. */
+ for(i = 0; name[i]; i++)
+ if(!ISVIS(name[i]) || !(name[i] == '_' || ISALNUM(name[i]))){
+ hlite = strdup("name");
+ snprintf(msg, 128,
+ "Username may only contain ASCII letters, "
+ "numbers and underscores.");
+ goto err;
+ }
+ for(i = 0; full[i]; i++)
+ if(!ISVIS(full[i])){
+ fprintf(stderr, "%d\n", full[i]);
+ hlite = strdup("full");
+ snprintf(msg, 128,
+ "Full name may only contain visible characters");
+ goto err;
+ }
+
/* Ensure all required fields are there. */
if(!name || !*name || !pass || !*pass){
hlite = (!name || !*name)? strdup("name"): strdup("pass");
snprintf(msg, 128, "Required field missing");
goto err;
}
-
+
if(pass && confirm && strcmp(pass, confirm) != 0){
snprintf(msg, 128, "Passwords do not match");
goto err;
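Review bot: The new character-set loops `for(i = 0; name[i]; i++)` and `for(i = 0; full[i]; i++)` run before the "required field missing" check and dereference `name` and `full` unconditionally, but both are initialised to NULL earlier in newuser and the decode step just above only touches them under `if(name && *name)`; a POST without a `name` or `full` field therefore crashes the handler instead of reaching the error message. The `ISVIS` macro also uses decimal `20` where `0x20` (space) is evidently meant, so control bytes 20–31 (ESC included) are accepted as "visible", and neither macro parenthesises its argument. The `fprintf(stderr, "%d\n", full[i]);` in the full-name branch looks like leftover debugging and writes to the server log on every rejected request. The fenced lines guard both loops, fix the macros, and drop the debug print; newuser continues past the end of this hunk, so the required-field check itself is left where it is.
```c
#define ISVIS(c) ((unsigned char)(c) >= 0x20 && (unsigned char)(c) != 0x7f)
#define ISALNUM(c) (((c) >= 'A' && (c) <= 'Z') || ((c) >= 'a' && (c) <= 'z') || ((c) >= '0' && (c) <= '9'))

/* Constrain character sets; name/full may still be NULL here. */
for(i = 0; name && name[i]; i++)
	if(!(name[i] == '_' || ISALNUM(name[i]))){
		/* … unchanged: hlite/msg/goto err for name … */
	}
for(i = 0; full && full[i]; i++)
	if(!ISVIS(full[i])){
		/* … unchanged: hlite/msg/goto err for full, debug fprintf removed … */
	}
```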