From 3ef022b0713aa1356b21a879c4e7140670078b57 Mon Sep 17 00:00:00 2001
From: LefsFlare
Date: Sat, 12 Nov 2016 20:26:45 +0800
Subject: [PATCH] Fixes possible vulnerabilities with keyword hijacking (#20)

- Added public entries to reserved keywords list
- Rename variables
- Derped comment
---
 models/user.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/models/user.go b/models/user.go
index 8d73e180f..d97ced931 100644
--- a/models/user.go
+++ b/models/user.go
@@ -505,12 +505,12 @@ func NewGhostUser() *User {
 }
 
 var (
- reversedUsernames = []string{"debug", "raw", "install", "api", "avatar", "user", "org", "help", "stars", "issues", "pulls", "commits", "repo", "template", "admin", "new", ".", ".."}
- reversedUserPatterns = []string{"*.keys"}
+ reservedUsernames = []string{"assets", "css", "img", "js", "less", "plugins", "debug", "raw", "install", "api", "avatar", "user", "org", "help", "stars", "issues", "pulls", "commits", "repo", "template", "admin", "new", ".", ".."}
+ reservedUserPatterns = []string{"*.keys"}
 )
 
 // isUsableName checks if name is reserved or pattern of name is not allowed
-// based on given reversed names and patterns.
+// based on given reserved names and patterns.
 // Names are exact match, patterns can be prefix or suffix match with placeholder '*'.
 func isUsableName(names, patterns []string, name string) error {
 name = strings.TrimSpace(strings.ToLower(name))
@@ -535,7 +535,7 @@ func isUsableName(names, patterns []string, name string) error {
 }
 
 func IsUsableUsername(name string) error {
- return isUsableName(reversedUsernames, reversedUserPatterns, name)
+ return isUsableName(reservedUsernames, reservedUserPatterns, name)
 }
 
 // CreateUser creates record of a new user.
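Review bot: The entries added to `reservedUsernames` in the first hunk (`assets`, `css`, `img`, `js`, `less`, `plugins`) look like a hand-copied list of the public static directory names, and nothing in the `var (...)` block records that or ties the slice to the router, so a top-level route or static directory added later can be claimed as a username again. I would put a comment above the slice, e.g. `// reservedUsernames must list every top-level route and every directory served from the public root; update it whenever either changes.`, and ideally add a test that compares the slice with the entries of the public directory. The check is presumably applied only when a name is created or changed (the callers are outside this patch), so any account or organization that already holds one of the newly reserved names is untouched by this commit and would need a one-off audit. `isUsableName` starts inside the first hunk, but its body continues outside it.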