From 6d0858cf355ff0f99dcc6c50b3994cb15f36dc89 Mon Sep 17 00:00:00 2001
From: Niels Andriesse <andriesseniels@gmail.com>
Date: Mon, 21 Oct 2019 16:28:05 +1100
Subject: [PATCH] Limit allowed characters in display names

---
 src/org/thoughtcrime/securesms/CreateProfileActivity.java  | 7 +++++++
 src/org/thoughtcrime/securesms/loki/DisplayNameActivity.kt | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/src/org/thoughtcrime/securesms/CreateProfileActivity.java b/src/org/thoughtcrime/securesms/CreateProfileActivity.java
index 975a9b443f..d30324ae2a 100644
--- a/src/org/thoughtcrime/securesms/CreateProfileActivity.java
+++ b/src/org/thoughtcrime/securesms/CreateProfileActivity.java
@@ -67,6 +67,8 @@ import java.io.IOException;
 import java.security.SecureRandom;
 import java.util.Set;
 import java.util.concurrent.ExecutionException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import javax.inject.Inject;
 
@@ -227,9 +229,14 @@ public class CreateProfileActivity extends BaseActionBarActivity implements Inje
       public void onTextChanged(CharSequence s, int start, int before, int count) {}
       @Override
       public void afterTextChanged(Editable s) {
+        Pattern pattern = Pattern.compile("[a-zA-Z0-9_]+");
+        Matcher matcher = pattern.matcher(s.toString());
         if (s.toString().isEmpty()) {
           name.getInput().setError("Invalid");
           finishButton.setEnabled(false);
+        } else if (!matcher.matches()) {
+          name.getInput().setError("Invalid (a-z, A-Z, 0-9 and _ only)");
+          finishButton.setEnabled(false);
         } else if (s.toString().getBytes().length > ProfileCipher.NAME_PADDED_LENGTH) {
           name.getInput().setError(getString(R.string.CreateProfileActivity_too_long));
           finishButton.setEnabled(false);
diff --git a/src/org/thoughtcrime/securesms/loki/DisplayNameActivity.kt b/src/org/thoughtcrime/securesms/loki/DisplayNameActivity.kt
index bb7f97504e..c99f480a75 100644
--- a/src/org/thoughtcrime/securesms/loki/DisplayNameActivity.kt
+++ b/src/org/thoughtcrime/securesms/loki/DisplayNameActivity.kt
@@ -27,6 +27,9 @@ class DisplayNameActivity : BaseActionBarActivity() {
         if (name.isEmpty()) {
             return nameEditText.input.setError("Invalid")
         }
+        if (!name.matches(Regex("[a-zA-Z0-9_]+"))) {
+            return nameEditText.input.setError("Invalid (a-z, A-Z, 0-9 and _ only)")
+        }
         if (name.toByteArray().size > ProfileCipher.NAME_PADDED_LENGTH) {
             return nameEditText.input.setError("Too Long")
         } else {