From 5844eab6d5d15a05f825e3cfd9c5e5905b0b8a8f Mon Sep 17 00:00:00 2001
From: woodwhale
Date: Fri, 21 Oct 2022 10:44:39 +0800
Subject: [PATCH 1/2] =?UTF-8?q?account=5Fservice.py:=20=E6=B7=BB=E5=8A=A0?= =?UTF-8?q?=E6=B3=A8=E5=86=8C=E6=97=B6=E7=94=A8=E6=88=B7=E5=90=8D=E7=9A=84?= =?UTF-8?q?=E9=9D=9E=E6=B3=95=E5=AD=97=E7=AC=A6=E8=BF=87=E6=BB=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/account_service.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/app/account_service.py b/app/account_service.py
index 753c51e..f97afb8 100644
--- a/app/account_service.py
+++ b/app/account_service.py
@@ -19,7 +19,19 @@ def signup():
 # POST方法需判断是否注册成功,再根据结果返回不同的内容
 username = escape(request.form['username'])
 password = escape(request.form['password'])
-
+ #! 添加如下代码为了过滤注册时的非法字符
+ if len(username) > 20:
+ return '用户名过长'
+ # 正则匹配非法字符
+ check_useful = re.search(u'^[_a-zA-Z0-9\u4e00-\u9fa5]+$', username)
+ if not check_useful:
+ return '存在非法字符'
+ # 判断用户名是否和接口重名
+ if username in ["signup", "login", "logout",
+ "reset", "mark", "back",
+ "unfamiliar", "familiar", 'del']:
+ return '请勿与接口同名'
+
 available = check_username_availability(username)
 if not available: # 用户名不可用
 flash('用户名 %s 已经被注册。' % (username))
From 59d95d8e9fbd7ea48f43e4296cd8223c992d77d3 Mon Sep 17 00:00:00 2001
From: wuyuhan
Date: Fri, 21 Oct 2022 11:07:20 +0800
Subject: [PATCH 2/2] =?UTF-8?q?account=5Fservice.py:=20=E5=AF=BC=E5=85=A5r?= =?UTF-8?q?e=E5=BA=93=E4=BD=BF=E7=94=A8=E6=AD=A3=E5=88=99=E5=8C=B9?= =?UTF-8?q?=E9=85=8D=E8=BF=87=E6=BB=A4=E4=BA=86=E6=B3=A8=E5=86=8C=E6=97=B6?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E5=90=8D=E7=9A=84=E9=9D=9E=E6=B3=95=E5=AD=97?= =?UTF-8?q?=E7=AC=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/account_service.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/app/account_service.py b/app/account_service.py
index f97afb8..0e5cf7a 100644
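Review bot: The pattern check `re.search(u'^[...]+$', username)` accepts a name that ends in a line feed, because `$` in Python also matches just before a trailing newline, and such a value is then not equal to any entry in the reserved-name list either. Anchor the whole string instead: `if not re.fullmatch(u'[_a-zA-Z0-9\u4e00-\u9fa5]+', username): return '存在非法字符'`. The length and pattern tests also run on the `escape()`d value rather than the raw form field, and the reserved-name comparison is case-sensitive, so validating the raw string (and comparing `username.lower()` if names are meant to be case-insensitive) would be more predictable. The three new early returns send a bare string while the neighbouring availability branch uses `flash(...)`; signup()'s body continues outside the hunk.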
--- a/app/account_service.py
+++ b/app/account_service.py
@@ -1,5 +1,6 @@
 from flask import *
 from Login import check_username_availability, verify_user, add_user, get_expiry_date, change_password
+import re
 
 # 初始化蓝图
 accountService = Blueprint("accountService", __name__)
@@ -19,6 +20,7 @@ def signup():
 # POST方法需判断是否注册成功,再根据结果返回不同的内容
 username = escape(request.form['username'])
 password = escape(request.form['password'])
+
 #! 添加如下代码为了过滤注册时的非法字符
 if len(username) > 20:
 return '用户名过长'
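Review bot: `import re` is placed after the project-local `from Login import ...` line in the first hunk; PEP 8 groups standard-library imports first, so it would read better as the first import of the file. Because the `re.search` call was introduced in PATCH 1/2, that commit on its own appears to raise NameError on every signup POST unless `re` happens to reach the module some other way, so the import belongs in the same commit as the call. The second hunk only adds a blank line inside signup(), whose body continues outside the hunk.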