API: sanitize username

https://github.com/marienfressinaud/FreshRSS/issues/13
2026-04-29 02:34:05 -04:00 · 2014-02-27 23:53:06 +01:00
parent ed27a69c3a
commit d79da54c98
1 changed files with 4 additions and 1 deletions
--- a/p/api/greader.php
+++ b/p/api/greader.php
@@ -124,7 +124,10 @@ function authorizationToUser() {
 	if ($headerAuth != '') {
 		$headerAuthX = explode('/', $headerAuth, 2);
 		if ((count($headerAuthX) === 2) && ($headerAuthX[1] === TEMP_AUTH)) {
-			return $headerAuthX[0];
+			$user = $headerAuthX[0];
+			if (ctype_alnum($user)) {
+				return $user;
+			}
 		}
 	}
 	return null;