From a8cbfffce2c3de66618d8cd68b604e13455a5616 Mon Sep 17 00:00:00 2001
From: ghost <localhost>
Date: Mon, 18 Dec 2023 06:46:56 +0200
Subject: [PATCH] add system usernames validation

---
 .env                              |  2 +-
 src/Controller/UserController.php | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/.env b/.env
index 5a36b0f..45b8933 100644
--- a/.env
+++ b/.env
@@ -71,7 +71,7 @@ APP_MODERATOR_REMOTE_IP=
 APP_ADD_USER_NAME_REGEX=/^[0-9A-z-]{2,16}$/ui
 
 # User name reserved (case insensitive) separated with |
-APP_ADD_USER_NAME_BLACKLIST=KevaChat|admin|moderator|anon|test
+APP_ADD_USER_NAME_BLACKLIST=KevaChat|admin|moderator|test
 
 # Delay before have ability to create new username again
 APP_ADD_USER_REMOTE_IP_DELAY=86400
diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
index eb49fcb..0f1bb84 100644
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -235,6 +235,18 @@ class UserController extends AbstractController
             );
         }
 
+        // Validate system username values
+        if (in_array(mb_strtolower($username), ['anon','anonymous']))
+        {
+            return $this->redirectToRoute(
+                'user_add',
+                [
+                    'username' => $request->get('username'),
+                    'error'    => $translator->trans('Username reserved for anonymous users!')
+                ]
+            );
+        }
+
         // Validate meta NS
         if (str_starts_with($username, '_'))
         {