users: don't allow names ending with file extensions.

This is so in the future we can have URLs like https://danbooru.donmai.us/users/evazion without problems caused by names like https://danbooru.donmai.us/users/evazion.json
2022-03-07 04:36:20 -06:00
parent 525acd17a5
commit 74d6b4e81e
2 changed files with 8 additions and 0 deletions
--- a/app/logical/user_name_validator.rb
+++ b/app/logical/user_name_validator.rb
@@ -24,6 +24,8 @@ class UserNameValidator < ActiveModel::EachValidator
      rec.errors.add(attr, "can't start with '#{name.first}'")
    elsif name =~ /[[:punct:]]\z/
      rec.errors.add(attr, "can't end with '#{name.last}'")
+    elsif name =~ /\.(html|json|xml|atom|rss|txt|js|css|csv|png|jpg|jpeg|gif|png|mp4|webm|zip|pdf|exe|sitemap)\z/i
+      rec.errors.add(attr, "can't end with a file extension")
    elsif name =~ /__/
      rec.errors.add(attr, "can't contain multiple underscores in a row")
    elsif forbidden_characters.present?
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -189,6 +189,12 @@ class UserTest < ActiveSupport::TestCase
        assert_equal(["Name must contain only basic letters or numbers"], user.errors.full_messages)
      end

+      should "not allow names ending in file extensions" do
+        user = build(:user, name: "evazion.json")
+        user.save
+        assert_equal(["Name can't end with a file extension"], user.errors.full_messages)
+      end
+
      should "not be in the same format as a deleted user" do
        user = build(:user, name: "user_1234")
        user.save