[Fixed] Incorrect regular expression in controllers/register.php

edited November 2015 in Bugs and Errors
The regular expression that checks the username for invalid characters on line 34 of controllers/register.php is incorrect and allows usernames with special characters to be submitted.

file: controllers/register.php

line: line 34

Existing code:

// Validate Username
if (!empty($_POST['username']) && preg_match('/[a-z0-9]+/i', $_POST['username'])) {

Updated code:

// Validate Username
if (!empty($_POST['username']) && preg_match('/^[a-z0-9]+$/i', $_POST['username'])) {



This discussion has been closed.