From e6dbfd918c8d68c29c01bf2617321b037393ada1 Mon Sep 17 00:00:00 2001
From: Unknwon <u@gogs.io>
Date: Tue, 7 Mar 2017 14:07:20 -0500
Subject: security: fix vulnerability in changing username
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported by João Arnaut.
---
 modules/form/user.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules')

diff --git a/modules/form/user.go b/modules/form/user.go
index c7d7a3d6..a7a34925 100644
--- a/modules/form/user.go
+++ b/modules/form/user.go
@@ -90,7 +90,7 @@ func (f *SignIn) Validate(ctx *macaron.Context, errs binding.Errors) binding.Err
 //         \/         \/                                   \/        \/        \/
 
 type UpdateProfile struct {
-	Name     string `binding:"OmitEmpty;MaxSize(35)"`
+	Name     string `binding:"Required;AlphaDashDot;MaxSize(35)"`
 	FullName string `binding:"MaxSize(100)"`
 	Email    string `binding:"Required;Email;MaxSize(254)"`
 	Website  string `binding:"Url;MaxSize(100)"`
-- 
cgit v1.2.3