From 9db05fe4c1e97240c09699a0846a6d13239b50f0 Mon Sep 17 00:00:00 2001
From: cornex1
Date: Thu, 8 May 2014 10:00:56 +0200
Subject: [PATCH] Fixed illegal string filter on name change

Fixed illegal string filter on name change
---
 myaccount.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/myaccount.php b/myaccount.php
index 340ead9..51c645c 100644
--- a/myaccount.php
+++ b/myaccount.php
@@ -97,6 +97,17 @@ if (!empty($_POST['change_name'])) {
 $error = true;
 }
 }
+ // Check name for illegal characters.
+ function checkNewNameForIllegal($name) {
+ if (preg_match('#^[\0-9åäö&()+%/*$€é,.\'"-]*$#i', $name)) {
+ return true;
+ }
+ return false;
+ }
+ if (checkNewNameForIllegal($newname)) {
+ $error = true;
+ echo 'This name contains illegal characters.';
+ }
 if ($error === false) {
 // Change the name!
 mysql_update("UPDATE `players` SET `name`='$newname' WHERE `id`='".$player['id']."' LIMIT 1;");
@@ -359,4 +370,4 @@ if (!empty($_POST['selected_comment'])) {
\ No newline at end of file
+include 'layout/overall/footer.php'; ?>
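Review bot: checkNewNameForIllegal() flags a name only when every character is in the listed class, because the pattern is anchored as `^[…]*$`; a name that mixes letters with a quote or another listed character returns false and continues to the `UPDATE` below, where `$newname` is interpolated into the SQL string. Match a single occurrence instead, e.g. `return preg_match('#[0-9åäö&()+%/*$€é,.\'"-]#', $name) === 1;` — the current `\0-9` is read by PCRE as the range NUL–`9`, which also covers the space character, and the anchored `*` form reports the empty string as illegal. An allow-list of permitted characters would be stronger than this deny-list, and `$newname` should be escaped or bound at the query unless that already happens outside this hunk. Declaring the function inside the `if` block makes it a conditional declaration; moving it to file scope avoids a redeclaration error if this path ever runs twice. The enclosing `if (!empty($_POST['change_name']))` block starts and ends outside the hunk.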