From ad41b5be3857af84d6f37fb961511f1e5c72c98c Mon Sep 17 00:00:00 2001
From: Darks
Date: Thu, 21 Nov 2019 16:27:53 +0100
Subject: [PATCH] Solved a security issue Users could create accounts named Admin, ROOT, etc.
---
 app/utils/valid_name.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/utils/valid_name.py b/app/utils/valid_name.py
index 96124c9..f6543ae 100644
--- a/app/utils/valid_name.py
+++ b/app/utils/valid_name.py
@@ -27,7 +27,7 @@ def valid_name(name, msg=False):
 # Rule 2
 try:
- normalize(name)
+ normalized_name = normalize(name)
 except ValueError:
 errors.append("cant-normalize")
@@ -36,7 +36,7 @@ def valid_name(name, msg=False):
 errors.append("no-letter")
 # Rule 4
- if name in V5Config.FORBIDDEN_USERNAMES:
+ if normalized_name in V5Config.FORBIDDEN_USERNAMES:
 errors.append("forbidden")
 return True if errors == [] else errors
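Review bot: `normalized_name` is bound only when `normalize(name)` succeeds, so a name that raises ValueError records "cant-normalize" and then, unless code outside the hunks returns first, reaches the Rule 4 comparison in the second hunk with the variable unbound. That raises UnboundLocalError in the validation path instead of returning the error list. Bind it in the handler with `normalized_name = None` after `errors.append("cant-normalize")`, and guard Rule 4 as `if normalized_name is not None and normalized_name in V5Config.FORBIDDEN_USERNAMES:`. The body of valid_name starts outside the first hunk, and the lines between the two hunks are not shown.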
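Review bot: The Rule 4 membership test now matches only if every entry of `V5Config.FORBIDDEN_USERNAMES` is stored in the form `normalize()` returns. That list is not part of this patch, so an entry kept as `Admin` or `ROOT` would presumably stop matching once the input is normalized. Normalize the entries where the list is defined, or state the requirement above the check, e.g. `# FORBIDDEN_USERNAMES entries must already be normalize()d; compared against the normalized name`. The patch also adds no test; a regression test asserting that `valid_name` reports "forbidden" for case variants of a reserved name would pin the fix.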