added check for char |

geckod22 · geckod22 · commit bcba3aca4ed3 · 2025-08-26T08:32:58.000+01:00
diff --git a/includes/SSO_Helpers.php b/includes/SSO_Helpers.php
@@ -260,7 +260,7 @@ public static function handleLogin( $token ) {
 
 		$user = self::getUserFromToken( $token );
 		if ( $user ) {
-			if ( preg_match( "/['\"\\\\]/", $user->user_login ) ) {
+			if ( preg_match( "/['\"\\\\<|]/", $user->user_login ) ) {
 				self::triggerFailure( 'invalid_username' );
 				exit;
 			}
diff --git a/includes/SSO_Helpers_Legacy.php b/includes/SSO_Helpers_Legacy.php
@@ -39,7 +39,7 @@ public static function handleLegacyLogin( $nonce, $salt ) {
 		}
 
 		if ( $user ) {
-			if ( preg_match( "/['\"\\\\<]/", $user->user_login ) ) {
+			if ( preg_match( "/['\"\\\\<|]/", $user->user_login ) ) {
 				self::triggerFailure( 'invalid_username' );
 				exit;
 			}

Original file line number	Diff line number	Diff line change
`@@ -260,7 +260,7 @@ public static function handleLogin( $token ) {`
`260`	`260`
`261`	`261`	`$user = self::getUserFromToken( $token );`
`262`	`262`	`if ( $user ) {`
`263`		`- if ( preg_match( "/['\"\\\\]/", $user->user_login ) ) {`
	`263`	`+ if ( preg_match( "/['\"\\\\<\|]/", $user->user_login ) ) {`
`264`	`264`	`self::triggerFailure( 'invalid_username' );`
`265`	`265`	`exit;`
`266`	`266`	`}`
Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ public static function handleLegacyLogin( $nonce, $salt ) {`
`39`	`39`	`}`
`40`	`40`
`41`	`41`	`if ( $user ) {`
`42`		`- if ( preg_match( "/['\"\\\\<]/", $user->user_login ) ) {`
	`42`	`+ if ( preg_match( "/['\"\\\\<\|]/", $user->user_login ) ) {`
`43`	`43`	`self::triggerFailure( 'invalid_username' );`
`44`	`44`	`exit;`
`45`	`45`	`}`