From ad61786b0f317003586d175d0525094e63a782ca Mon Sep 17 00:00:00 2001 From: Saptak S Date: Fri, 8 Mar 2024 20:50:37 +0530 Subject: Allows only specific unicode characters for username Added a function to remove all characters apart from characters which fall under the unicode categories of letters and numbers. Also added a list of allowed special characters. --- cli/onionshare_cli/web/chat_mode.py | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/cli/onionshare_cli/web/chat_mode.py b/cli/onionshare_cli/web/chat_mode.py index 5a11eedd..dd151451 100644 --- a/cli/onionshare_cli/web/chat_mode.py +++ b/cli/onionshare_cli/web/chat_mode.py @@ -17,6 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . """ +import unicodedata from flask import request, render_template, make_response, jsonify, session from flask_socketio import emit, ConnectionRefusedError @@ -47,11 +48,28 @@ class ChatModeWeb: self.define_routes() + def remove_unallowed_characters(self, text): + allowed_unicode_categories = [ + 'L', # All letters + 'N', # All numbers + ] + allowed_special_characters = [ + '-', # dash + '_', # underscore + ' ', # single space + ] + + def allowed_character(ch): + return unicodedata.category(ch)[0] in allowed_unicode_categories or ch in allowed_special_characters + + return "".join( + ch for ch in text if allowed_character(ch) + ) + def validate_username(self, username): - username = username.strip() + username = self.remove_unallowed_characters(username.strip()) return ( username - and username.isascii() and username not in self.connected_users and len(username) < 128 ) -- cgit v1.2.3-54-g00ecf From 2ef15395d4a01ec56867c9a3dd60161a193f9380 Mon Sep 17 00:00:00 2001 
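Review bot: In `validate_username` the cleaned name lives only in the local `username`, and the method still returns just the truthiness of the checks, so the caller (outside this hunk) never receives the string that was actually validated. Because disallowed characters are silently dropped rather than rejected, the uniqueness and length checks run on a different string from the one submitted; if the call site stores or broadcasts the raw value, the filter has no effect, so confirm it applies `remove_unallowed_characters` again before using the name. A stricter alternative is to reject instead of rewrite, e.g. `if username != self.remove_unallowed_characters(username): return False`. Also, `.strip()` runs before the filter, so an input such as `"! bob"` keeps a leading space and `"! !"` becomes a space-only name that passes the truthiness test; `self.remove_unallowed_characters(username).strip()` avoids that.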
From: Saptak S Date: Sat, 9 Mar 2024 00:13:40 +0530 Subject: Allow only ascii characters --- cli/onionshare_cli/web/chat_mode.py | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/cli/onionshare_cli/web/chat_mode.py b/cli/onionshare_cli/web/chat_mode.py index dd151451..02466e2b 100644 --- a/cli/onionshare_cli/web/chat_mode.py +++ b/cli/onionshare_cli/web/chat_mode.py @@ -49,18 +49,27 @@ class ChatModeWeb: self.define_routes() def remove_unallowed_characters(self, text): - allowed_unicode_categories = [ - 'L', # All letters - 'N', # All numbers - ] - allowed_special_characters = [ - '-', # dash - '_', # underscore - ' ', # single space - ] + """ + Sanitize username to remove unwanted characters. + Allowed characters right now are: + - all ASCII numbers + - all ASCII letters + - dash, underscore and single space + """ def allowed_character(ch): - return unicodedata.category(ch)[0] in allowed_unicode_categories or ch in allowed_special_characters + allowed_unicode_categories = [ + 'L', # All letters + 'N', # All numbers + ] + allowed_special_characters = [ + '-', # dash + '_', # underscore + ' ', # single space + ] + return ( + unicodedata.category(ch)[0] in allowed_unicode_categories and ord(ch) < 128 + ) or ch in allowed_special_characters return "".join( ch for ch in text if allowed_character(ch) -- cgit v1.2.3-54-g00ecf
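Review bot: The new docstring on `remove_unallowed_characters` lists a "single space" as allowed, but `allowed_character` accepts every space, so runs of spaces survive. Names such as `a b` and `a  b` therefore stay distinct for the uniqueness check while probably rendering alike wherever whitespace is collapsed. Collapsing runs after filtering, e.g. `" ".join(filtered.split())`, would match the documented intent. Separately, the two allow-lists are now rebuilt for every character, and `unicodedata.category(ch)[0] in allowed_unicode_categories and ord(ch) < 128` is an indirect way to say "ASCII letter or digit"; `ch.isascii() and ch.isalnum()` or a fixed module-level set is easier to audit. The function's closing lines fall outside this hunk.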