From f49601a1736ff6a8a619942f8da8a0d7b7434fdb Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Thu, 10 Mar 2022 14:09:41 -0500
Subject: [PATCH] Add filtering to Username to prevent XSS
---
 web/includes/Group.php | 2 +-
 web/includes/User.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/web/includes/Group.php b/web/includes/Group.php
index 93c20fc70..2edc069e2 100644
--- a/web/includes/Group.php
+++ b/web/includes/Group.php
@@ -5,7 +5,7 @@ class Group extends ZM_Object {
 protected static $table = 'Groups';
 protected $defaults = array(
 'Id' => null,
- 'Name' => '',
+ 'Name' => array('type'=>'text','filter_regexp'=>'/[^\w\-\.\(\)\:\/ ]/', 'default'=>'Group'),
 'ParentId' => null,
 );

diff --git a/web/includes/User.php b/web/includes/User.php
index 7489f9d19..c97eb03d1 100644
--- a/web/includes/User.php
+++ b/web/includes/User.php
@@ -9,7 +9,7 @@ class User extends ZM_Object {

 protected $defaults = array(
 'Id' => null,
- 'Username' => '',
+ 'Username' => array('type'=>'text','filter_regexp'=>'/[^\w\.@ ]/'),
 'Password' => '',
 'Language' => '',
 'Enabled' => 1,
@@ -25,7 +25,7 @@ class User extends ZM_Object {
 'MonitorIds' => '',
 'TokenMinExpiry' => 0,
 'APIEnabled' => 1,
- 'HomeView' => '',
+ 'HomeView' => '',
 );

 public static function find( $parameters = array(), $options = array() ) {
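Review bot: The `filter_regexp` added to `'Name'` in web/includes/Group.php (and the one added to `'Username'` in web/includes/User.php) restricts input only, so every page that prints these fields still has to HTML-escape them at output. Presumably ZM_Object applies the pattern when a value is set, which would leave rows already stored in the database unfiltered; ZM_Object is not part of this patch, so that needs confirming. The Group pattern also keeps `:`, `/`, `(` and `)`, so a filtered name is safe as HTML text at most, not inside a URL, attribute or script context. I would say so on the entry, e.g. `// filter_regexp matches the characters not allowed in Name; Name must still be HTML-escaped on output`. Class Group begins and continues outside this hunk.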
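Review bot: The `'Username'` entry in the first web/includes/User.php hunk has no `'default'` key, unlike the `'Name'` entry this patch adds in Group.php, and its pattern `/[^\w\.@ ]/` excludes `-` and, without the `u` modifier, every non-ASCII letter. If ZM_Object strips matching characters instead of rejecting the value (not visible here), two different submitted usernames can collapse to the same stored name, and an existing account whose name contains such a character would be silently renamed on its next save. I would add the default and settle the legal character set explicitly, e.g. `'Username' => array('type'=>'text','filter_regexp'=>'/[^\w\.@ \-]/','default'=>''),`, and have the save path refuse a username that the filter would alter. The `$defaults` array continues past the end of this hunk.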