From e622f7e6fa21771747cffe10d2dab4f2ef4ff167 Mon Sep 17 00:00:00 2001
From: Repellent
Date: Thu, 9 Oct 2025 13:55:37 +0500
Subject: [PATCH] =?UTF-8?q?+=20=D0=B4=D0=BE=D0=B1=D0=B0=D0=B2=D0=BB=D0=B5?= =?UTF-8?q?=D0=BD=D0=B0=20=D0=BF=D1=80=D0=BE=D0=B2=D0=B5=D1=80=D0=BA=D0=B0?= =?UTF-8?q?=20=D0=BD=D0=B0=20=D0=B7=D0=BF=D1=80=D0=B5=D1=89=D0=B5=D0=BD?= =?UTF-8?q?=D0=BD=D1=8B=D0=B5=20=D1=81=D0=B8=D0=BC=D0=B2=D0=BE=D0=BB=D1=8B?= =?UTF-8?q?=20<=20>=20\"=20'=20`=20=D0=B2=20=D0=BF=D0=B0=D1=80=D0=BE=D0=BB?= =?UTF-8?q?=D0=B5=20=D0=BF=D1=80=D0=B8=20=D0=B8=D0=BD=D1=81=D1=82=D0=B0?= =?UTF-8?q?=D0=BB=D0=BB=D1=8F=D1=86=D0=B8=D0=B8=20cms,=20=D0=B8=D0=BD?= =?UTF-8?q?=D0=B0=D1=87=D0=B5=20=D1=81=D0=B8=D1=82=D1=83=D0=B0=D1=86=D0=B8?= =?UTF-8?q?=D1=8F=20=20-=20=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2?= =?UTF-8?q?=D0=B0=D1=82=D0=B5=D0=BB=D1=8C=20=D0=BE=D1=82=D0=BF=D1=80=D0=B0?= =?UTF-8?q?=D0=B2=D0=B8=D0=BB=20=D0=BF=D0=B0=D1=80=D0=BE=D0=BB=D1=8C=20,?= =?UTF-8?q?=20=D0=B2=D1=81=D0=B5=20=D0=BE=D0=BA,=20=D0=B0=20=D0=B7=D0=B0?= =?UTF-8?q?=D0=B9=D1=82=D0=B8=20=D0=B2=20=D0=B0=D0=B4=D0=BC=D0=B8=D0=BD?= =?UTF-8?q?=D0=BA=D1=83=20=D0=BD=D0=B5=20=D1=81=D0=BC=D0=BE=D0=B6=D0=B5?= =?UTF-8?q?=D1=82.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 install/index.php | 14 +++++++++-----
 install/lang/ru.txt | 1 +
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/install/index.php b/install/index.php
index ed280e5..c3626a7 100644
--- a/install/index.php
+++ b/install/index.php
@@ -649,7 +649,10 @@ switch ($_REQUEST['step'])
 $_POST['email'] = chop($_POST['email']);
 $_POST['username'] = chop($_POST['username']);
- $regex_username = '/[^\w-]/';
+ // Новое регулярное выражение, которое ищет запрещенные символы:
+ // <, >, ", ', `
+ $regex_forbidden = '/[<>\"\'`]/';
+ $regex_password = '/[^\x20-\xFF]/';
 $regex_password = '/[^\x20-\xFF]/';
 $regex_email = '/^[\w.-]+@[a-z0-9.-]+\.(?:[a-z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)$/i';
@@ -691,10 +694,11 @@ switch ($_REQUEST['step'])
 }
 $errors = array();
- if ($_POST['email'] == '') array_push($errors, $AVE_Template->get_config_vars('noemail'));
- if (! preg_match($regex_email, $_POST['email'])) array_push($errors, $AVE_Template->get_config_vars('email_no_specialchars'));
- if (empty($_POST['pass']) || preg_match($regex_password, $_POST['pass'])) array_push($errors, $AVE_Template->get_config_vars('check_pass'));
- if (strlen($_POST['pass']) < 5) array_push($errors, $AVE_Template->get_config_vars('pass_too_small'));
+ if ($_POST['email'] == '') array_push($errors, $AVE_Template->get_config_vars('noemail'));
+ if (! preg_match($regex_email, $_POST['email'])) array_push($errors, $AVE_Template->get_config_vars('email_no_specialchars'));
+ if (preg_match($regex_forbidden, $_POST['pass'])) array_push($errors, $AVE_Template->get_config_vars('forbidden_symbols_in_pass'));
+ if (empty($_POST['pass']) || preg_match($regex_password, $_POST['pass'])) array_push($errors, $AVE_Template->get_config_vars('check_pass'));
+ if (strlen($_POST['pass']) < 5) array_push($errors, $AVE_Template->get_config_vars('pass_too_small'));
 if (empty($_POST['username']) || preg_match($regex_username, $_POST['username'])) array_push($errors, $AVE_Template->get_config_vars('check_username'));
 $AVE_Template->assign('errors', $errors);
diff --git a/install/lang/ru.txt b/install/lang/ru.txt
index 1220341..94b561a 100644
--- a/install/lang/ru.txt
+++ b/install/lang/ru.txt
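Review bot: The first hunk deletes `$regex_username = '/[^\w-]/';`, but the username check shown as a context line in the second hunk still calls `preg_match($regex_username, $_POST['username'])`. Unless the variable is assigned somewhere outside these hunks, preg_match now receives an undefined (empty) pattern and fails instead of matching, so the installer silently stops restricting the admin username to word characters and hyphens. Keep `$regex_username = '/[^\w-]/';` and add the `$regex_forbidden` line beside it rather than in its place. The added `$regex_password = '/[^\x20-\xFF]/';` is identical to the context line that follows it and can be dropped.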
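Review bot: In the second hunk the new `forbidden_symbols_in_pass` check passes `$_POST['pass']` to preg_match before the `empty($_POST['pass'])` guard on the next line, so a request without a `pass` field, or one sending it as an array, reaches the regex with a non-string value. Guarding it as `if (isset($_POST['pass']) && is_string($_POST['pass']) && preg_match($regex_forbidden, $_POST['pass']))` keeps the error list predictable. Separately, the commit message says passwords containing these five characters are accepted at install but then fail at login, which suggests (not visible in this diff) that the login path escapes or filters the password before hashing. Hashing the unmodified password the same way in the installer and at login would fix that without shrinking the allowed password alphabet. The enclosing `switch` body starts and ends outside the hunk.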
@@ -60,6 +60,7 @@ login_field = "Поля отмеченные *< username = "Имя пользователя" email = "E-mail" password = "Пароль" +forbidden_symbols_in_pass = "Пароль не должен содержать следующие символы: < > \" ' ` " noemail = "Пожалуйста, укажите E-mail адрес."