From 0775eaf8c1aef5b40e9bac34e7546395191d12d3 Mon Sep 17 00:00:00 2001
From: typ
Date: Sat, 13 Jul 2013 16:41:51 +0200
Subject: [PATCH] add check for non alpa/-/_ chars
---
 public/include/classes/user.class.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index a363ff58..cd514966 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -455,6 +455,10 @@ class User {
 $this->setErrorMessage('Username exceeding character limit');
 return false;
 }
+ if (!preg_match('/[^a-zA-Z0-9_\-]/', $username)) {
+ $this->setErrorMessage('Username may only contain alphanumeric characters');
+ return false;
+ }
 if ($this->getEmail($email1)) {
 $this->setErrorMessage( 'This e-mail address is already taken' );
 return false;
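Review bot: The added `preg_match` condition is inverted. The class `[^a-zA-Z0-9_\-]` matches a character outside the allowed set, so `!preg_match(...)` rejects every username made only of allowed characters and lets through any username that contains something else. An anchored allowlist fixes this: `if (!preg_match('/\A[a-zA-Z0-9_\-]+\z/', $username)) {`. That form also fails closed, because a `false` return from a PCRE error is rejected too. The error text says "alphanumeric" although `_` and `-` are permitted, so it could read `'Username may only contain letters, digits, "_" and "-"'`. The enclosing registration method starts and ends outside this hunk, so any later handling of `$username` is not visible here.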