0e7f2b9590af8c526238af8a414b004a20b09f4f hiram Tue Jan 29 11:22:12 2019 -0800 fix checking of length of user name after URL encoding refs #22867
diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c
index e29ccfc..ad269ba 100644
--- src/hg/hgLogin/hgLogin.c
+++ src/hg/hgLogin/hgLogin.c
@@ -28,31 +28,31 @@
 #include "autoUpgrade.h" #define EMAILSEP ";" /* ---- Global variables. ---- */ char msg[4096] = ""; char *incorrectUsernameOrPassword="The username or password you entered is incorrect."; char *incorrectUsername="The username you entered is incorrect."; /* The excludeVars are not saved to the cart. */ char *excludeVars[] = { "submit", "Submit", "debug", "fixMembers", "update", "hgLogin_password", "hgLogin_password2", "hgLogin_newPassword1", "hgLogin_newPassword2", NULL }; struct cart *cart; /* This holds cgi and other variables between clicks. */ char *database; /* Name of genome database - hg15, mm3, or the like. */ struct hash *oldCart; /* Old cart hash. */
-char *errMsg; /* Error message to show user when form data rejected */
+char *errMsg = NULL; /* Error message to show user when form data rejected */
 char brwName[64]; char brwAddr[256]; char signature[256]; char returnAddr[256]; char *hgLoginUrl = NULL; /* full absolute URL to hgLogin as seen from browser, e.g. http://genome.ucsc.edu/cgi-bin/hgLogin. Can be a relative URL /cgi-bin/hgLogin if hg.conf login.relativeLink is on. */ /* ---- Global helper functions ---- */ char *browserName() /* Return the browser name like 'UCSC Genome Browser' */ { if isEmpty(cfgOption(CFG_LOGIN_BROWSER_NAME)) return cloneString("NULL_browserName"); else 
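Review bot: The `= NULL` initializer added to `errMsg` is redundant in C, because a file-scope object has static storage and is zero-initialized, so the old and new declarations behave identically; it is harmless and matches the `hgLoginUrl = NULL` declaration a few lines further down in the hunk. If the purpose is to make the ownership convention visible, a comment carries it better than the initializer, since the pattern elsewhere in this file is to `freez(&errMsg)` before every reassignment: `/* heap string owned here: NULL when no error, always freez()'d before being reassigned */`.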
@@ -929,44 +929,47 @@
 "<div class=\"formControls\">" " <input type=\"submit\" name=\"hgLogin.do.signup\" value=\"Sign Up\" class=\"largeButton\"> " " <a href=\"%s\">Cancel</a>" "</div>" "</form>" "</div><!-- END - signUpBox -->", cartUsualString(cart, "hgLogin_password", ""), cartUsualString(cart, "hgLogin_password2", ""), getReturnToURL()); cartSaveSession(cart); } void signup(struct sqlConnection *conn) /* process the signup form */ {
-char query[256];
+char query[1024];
 char *user = cartUsualString(cart, "hgLogin_userName", "");
+char *encUserName = cgiEncodeFull(user);
 if (!user || sameString(user,"")) { freez(&errMsg); errMsg = cloneString("User name cannot be blank."); signupPage(conn); return; } /* Make sure the escaped usrename is less than 32 characters */
-if (strlen(user) > 32)
+if (strlen(encUserName) > 32)
 {
+ char buf[1024];
+ safef(buf,sizeof(buf), "Encoded user name: '%s' is %d characters. Please use a shorter name: less than 32 characters after URL encoding.", encUserName, (int)strlen(encUserName));
 freez(&errMsg);
- errMsg = cloneString("Encoded username longer than 32 characters.");
+ errMsg = cloneString(buf);
 signupPage(conn); return; } sqlSafef(query,sizeof(query), "SELECT password FROM gbMembers WHERE userName='%s'", user); char *password = sqlQuickString(conn, query); if (password) { freez(&errMsg); errMsg = cloneString("A user with this name already exists."); signupPage(conn); freez(&user); return; }
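Review bot: `encUserName` is the result of `cgiEncodeFull(user)`, which presumably returns a freshly allocated string like the other kent CGI helpers, yet it is never freed on any of the three exits from signup visible in the hunk, and it is computed before the `!user` guard, so that guard no longer protects the first use of `user`. The new message also copies the whole encoded name into a 1024-byte `buf` through `safef`; the name comes from the cart (request data) and encoding can triple its length, so an over-long submission would exceed the buffer, which `safef` treats as a fatal error rather than producing the friendly rejection this hunk is trying to add. Reporting only the length keeps the message bounded, avoids reflecting request data into the page at all, and lets the wording agree with the check, which accepts 32 (`> 32`) while the text says "less than 32". signup continues past the end of the hunk, so releasing the encoded copy right after measuring it, as below, avoids having to track every later return path.
```c
char *user = cartUsualString(cart, "hgLogin_userName", "");
if (!user || sameString(user,""))
    {
    /* ... unchanged: "User name cannot be blank." error and return ... */
    }
/* Encode only after the blank-name guard; the encoded copy is a fresh
 * allocation, and only its length is needed, so release it at once. */
char *encUserName = cgiEncodeFull(user);
int encLen = (int)strlen(encUserName);
freez(&encUserName);
/* Make sure the URL-encoded user name fits in 32 characters */
if (encLen > 32)
    {
    char buf[256];
    /* Report only the length: echoing the full encoded name would let an
     * over-long submission overflow buf, which safef treats as fatal. */
    safef(buf, sizeof(buf),
          "Your user name is %d characters after URL encoding. "
          "Please use a shorter name: at most 32 characters after URL encoding.",
          encLen);
    freez(&errMsg);
    errMsg = cloneString(buf);
    signupPage(conn);
    return;
    }
/* ... unchanged: duplicate-name lookup in gbMembers and the rest of signup ... */
```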