From 3a60b6fff72c1d86e4a5c11f985091e45c54d554 Mon Sep 17 00:00:00 2001
From: Nanobyte <nanobyte@ymail.com>
Date: Mon, 19 Apr 2021 03:14:31 +0200
Subject: [PATCH] Remove unicode control characters from username

---
 src/routes/setUsername.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/routes/setUsername.ts b/src/routes/setUsername.ts
index d40180f..c44c38a 100644
--- a/src/routes/setUsername.ts
+++ b/src/routes/setUsername.ts
@@ -21,6 +21,10 @@ export async function setUsername(req: Request, res: Response) {
         res.sendStatus(200);
         return;
     }
+    
+    // remove unicode control characters from username (example: \n, \r, \t etc.)
+    // source: https://en.wikipedia.org/wiki/Control_character#In_Unicode
+    userName = userName.replace(/[\u0000-\u001F\u007F-\u009F]/g, '');
 
     if (adminUserIDInput != undefined) {
         //this is the admin controlling the other users account, don't hash the controling account's ID