diff options
author | Gabriel Pérez-Cerezo <gabriel@gpcf.eu> | 2020-02-24 13:43:11 +0100 |
---|---|---|
committer | Gabriel Pérez-Cerezo <gabriel@gpcf.eu> | 2020-02-24 13:43:11 +0100 |
commit | 77f7a301678e6e4b121d0f4729594f5cb34d8c39 (patch) | |
tree | 7e6b81afb83b53dd5eb2cfa5f27f1e60c7a15b47 | |
parent | 65ff7842ba1ecfd2ee6cdba708489de0f987ede2 (diff) | |
download | auth_export-77f7a301678e6e4b121d0f4729594f5cb34d8c39.tar.gz auth_export-77f7a301678e6e4b121d0f4729594f5cb34d8c39.tar.bz2 auth_export-77f7a301678e6e4b121d0f4729594f5cb34d8c39.zip |
Mediawiki turns any number of _ into whitespace, so Foo__Bar and
Foo_Bar and Foo_Bar_ would be mapped to the same account, leading to
account takeover.
-rw-r--r-- | init.lua | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -14,3 +14,13 @@ if http then dofile(MP .. "/webmail.lua") mail.webmail_init(http, webmail_url, webmail_key) end + + +minetest.register_on_prejoinplayer(function(name, ip) + if minetest.player_exists(name) then + return + end + if name:match("_") then + return "For security reasons, underscores are banned on this server. Please choose another username!" + end +end) |