Update UserMgmtService.java

valid email&username to fix an XSS vulnerability

src/main/java/org/b3log/solo/service/UserMgmtService.java

@@ -274,6 +274,9 @@ public class UserMgmtService {
         try {
             final JSONObject user = new JSONObject();
             final String userEmail = requestJSONObject.optString(User.USER_EMAIL).trim().toLowerCase();
+            if (!Strings.isEmail(userEmail)) {
+                throw new ServiceException(langPropsService.get("mailInvalidLabel"));
+            }
             final JSONObject duplicatedUser = userRepository.getByEmail(userEmail);
 
             if (null != duplicatedUser) {
@@ -287,6 +290,9 @@ public class UserMgmtService {
             user.put(User.USER_EMAIL, userEmail);
 
             final String userName = requestJSONObject.optString(User.USER_NAME);
+            if (UserExt.invalidUserName(userName)) {
+                throw new ServiceException(langPropsService.get("userNameInvalidLabel"));
+            }
             user.put(User.USER_NAME, userName);
 
             final String userPassword = requestJSONObject.optString(User.USER_PASSWORD);