From 0848871c67471babfaea80b0ea55b7813fe0e45e Mon Sep 17 00:00:00 2001
From: Ruan <ruany@users.noreply.github.com>
Date: Mon, 8 Jun 2015 17:44:53 +0200
Subject: [PATCH] Validate user input

---
 check.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/check.php b/check.php
index cd5d810..f0c61bf 100644
--- a/check.php
+++ b/check.php
@@ -1,7 +1,13 @@
 <?php
 if (isset($_POST['name'], $_POST['table'])) {
     require 'includes/page.php';
-    $name = $_POST['name']; // user input
+    $name = $_POST['name'];
+    // validate user input
+    if (strlen($name) > 16 || !preg_match("/[0-9a-zA-Z_]/", $name)) {
+        echo('Invalid name.');
+        return;
+    }
+
     global $table_bans, $table_history, $conn;
     $stmt = $conn->prepare("SELECT name,uuid FROM " . $table_history . " WHERE name=? ORDER BY date LIMIT 1");
     if ($stmt->execute(array($name))) {