From 77f7a301678e6e4b121d0f4729594f5cb34d8c39 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gabriel=20P=C3=A9rez-Cerezo?= <gabriel@gpcf.eu>
Date: Mon, 24 Feb 2020 13:43:11 +0100
Subject: SECURITY: Fix mediawiki merging accounts

Mediawiki turns any number of _ into whitespace, so Foo__Bar and
Foo_Bar and Foo_Bar_ would be mapped to the same account, leading to
account takeover.
---
 init.lua | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/init.lua b/init.lua
index 990ee0c..cbf5378 100644
--- a/init.lua
+++ b/init.lua
@@ -14,3 +14,13 @@ if http then
 	dofile(MP .. "/webmail.lua")
 	mail.webmail_init(http, webmail_url, webmail_key)
 end
+
+
+minetest.register_on_prejoinplayer(function(name, ip)
+      if minetest.player_exists(name) then
+			return
+      end
+      if name:match("_") then
+			return "For security reasons, underscores are banned on this server. Please choose another username!"
+		end
+end)
-- 
cgit v1.2.3