Don't allow [/;.,?] to be used in display names, as those are used as

separator characters by rails when routing, which means a display name
containing them will not work as part of a URL.

diff --git a/app/models/user.rb b/app/models/user.rb
index 7b57b87108eae1f5ad752504e2fc3cbb39d7befe..d6cff0f25856e0cc8f65ab12677ac6c75f347ed9 100644 (file)
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -13,6 +13,7 @@ class User < ActiveRecord::Base
   validates_length_of :pass_crypt, :minimum => 8
   validates_length_of :display_name, :minimum => 3, :allow_nil => true
   validates_format_of :email, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i
+  validates_format_of :display_name, :with => /^[^\/;.,?]*$/
 
   before_save :encrypt_password