Don't allow [/;.,?] to be used in display names, as those are used as
authorTom Hughes <tom@compton.nu>
Mon, 11 Jun 2007 08:43:47 +0000 (08:43 +0000)
committerTom Hughes <tom@compton.nu>
Mon, 11 Jun 2007 08:43:47 +0000 (08:43 +0000)
separator characters by rails when routing, which means a display name
containing them will not work as part of a URL.

app/models/user.rb

index 7b57b87108eae1f5ad752504e2fc3cbb39d7befe..d6cff0f25856e0cc8f65ab12677ac6c75f347ed9 100644 (file)
@@ -13,6 +13,7 @@ class User < ActiveRecord::Base
   validates_length_of :pass_crypt, :minimum => 8
   validates_length_of :display_name, :minimum => 3, :allow_nil => true
   validates_format_of :email, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i
+  validates_format_of :display_name, :with => /^[^\/;.,?]*$/
 
   before_save :encrypt_password