users: don't allow Hangul filler characters in names.

Don't allow the following characters in names: * https://codepoints.net/U+115F (HANGUL CHOSEONG FILLER) * https://codepoints.net/U+1160 (HANGUL JUNGSEONG FILLER) * https://codepoints.net/U+3164 (HANGUL FILLER) * https://codepoints.net/U+FFA0 (HALFWIDTH HANGUL FILLER) These are space-like characters that were inadvertently allowed because they're not considered whitespace by Unicode and because they're in the Hangul script (which we otherwise allow).
2022-12-05 23:54:33 -06:00
parent d157899226
commit dddd28a27b
2 changed files with 7 additions and 1 deletions
--- a/app/logical/user_name_validator.rb
+++ b/app/logical/user_name_validator.rb
@@ -26,7 +26,8 @@ class UserNameValidator < ActiveModel::EachValidator
      rec.errors.add(attr, "must be more than 1 character long")
    elsif name.length >= 25
      rec.errors.add(attr, "must be less than 25 characters long")
-    elsif name =~ /[[:space:]]/
+    # \p{di} = default ignorable codepoints. Filters out Hangul filler characters (U+115F, U+1160, U+3164, U+FFA0)
+    elsif name =~ /[[:space:]\p{di}]/
      rec.errors.add(attr, "can't contain whitespace")
    elsif name =~ /\A[[:punct:]]/
      rec.errors.add(attr, "can't start with '#{name.first}'")
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -219,6 +219,11 @@ class UserTest < ActiveSupport::TestCase
      should_not allow_value("admin").for(:name)
      should_not allow_value("mod").for(:name)
      should_not allow_value("moderator").for(:name)
+
+      should_not allow_value("foo_\u115F").for(:name)
+      should_not allow_value("foo_\u1160").for(:name)
+      should_not allow_value("foo_\u3164").for(:name)
+      should_not allow_value("foo_\uFFA0").for(:name)
    end

    context "searching for users by name" do