From d1578992263092adcc0d2f5807743d38267e7687 Mon Sep 17 00:00:00 2001
From: evazion
Date: Mon, 5 Dec 2022 20:39:27 -0600
Subject: [PATCH] users: disallow more names ending with file extensions.

Disallow any name that has a suffix registered as a file extension in Rails.
---
 app/logical/user_name_validator.rb | 2 +-
 config/initializers/mime_types.rb | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/logical/user_name_validator.rb b/app/logical/user_name_validator.rb
index 0bffa0fa7..e6cc3dfb8 100644
--- a/app/logical/user_name_validator.rb
+++ b/app/logical/user_name_validator.rb
@@ -32,7 +32,7 @@ class UserNameValidator < ActiveModel::EachValidator
       rec.errors.add(attr, "can't start with '#{name.first}'")
     elsif name =~ /[[:punct:]]\z/
       rec.errors.add(attr, "can't end with '#{name.last}'")
-    elsif name =~ /\.(html|json|xml|atom|rss|txt|js|css|csv|png|jpg|jpeg|gif|png|avif|webp|mp4|webm|zip|pdf|exe|sitemap)\z/i
+    elsif name =~ /\.(#{Mime::EXTENSION_LOOKUP.keys.join("|")})\z/i
       rec.errors.add(attr, "can't end with a file extension")
     elsif name =~ /__/
       rec.errors.add(attr, "can't contain multiple underscores in a row")
diff --git a/config/initializers/mime_types.rb b/config/initializers/mime_types.rb
index 0d9dd405d..d5c52f433 100644
--- a/config/initializers/mime_types.rb
+++ b/config/initializers/mime_types.rb
@@ -9,3 +9,4 @@
 Mime::Type.register "image/webp", :webp
 Mime::Type.register "image/avif", :avif
 Mime::Type.register "application/x-shockwave-flash", :swf
+Mime::Type.register "application/vnd.microsoft.portable-executable", :exe
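Review bot: The alternation on the added `elsif` line is built from raw `Mime::EXTENSION_LOOKUP` keys with no escaping, so any extension registered with a regex metacharacter (a `.`, `+` or `|` in a future `Mime::Type.register` call) would silently change what the pattern matches or make the literal raise at validation time; escape each key, `elsif name =~ /\.(#{Mime::EXTENSION_LOOKUP.keys.map { |k| Regexp.escape(k) }.join("|")})\z/i`. Note that `Regexp.union` is not a drop-in here: interpolating a Regexp object wraps it in `(?-mix:...)`, which switches the outer `/i` off for the suffix and would let `foo.HTML` through. The dropped literal list also contained `sitemap`, which is not a Rails default extension; unless it is registered in the part of mime_types.rb this diff does not show, names ending in `.sitemap` become valid again, so a regression test for the old list is worth adding. The pattern is rebuilt on every validation, which keeps it in sync with types registered after boot but deserves a one-line comment saying that is intentional. The enclosing method starts and ends outside this hunk.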
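Review bot: The added `:exe` registration carries no comment explaining why a MIME type is being registered for a format the app presumably never renders; because `Mime::Type.register` also feeds Rails' request-format lookup, not just `Mime::EXTENSION_LOOKUP`, a reader may assume `.exe` responses are expected somewhere. Suggest adding above the new line: `# Registered only so UserNameValidator rejects names ending in ".exe"; Rails will also treat ".exe" as a request format.` If the app does serve :exe somewhere this is moot, but nothing in the diff shows that.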