From 3b7ff030f2f31dcf2b834eb6585ea0c251324f04 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Thu, 6 Aug 2020 21:32:02 -0600
Subject: [PATCH] Update RegisterController
---
 app/Http/Controllers/Auth/RegisterController.php | 4 ++++
 app/Util/Lexer/RestrictedNames.php | 5 +++++
 2 files changed, 9 insertions(+)
diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
index 40271f1f5..02dbee42a 100644
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -68,6 +68,10 @@ class RegisterController extends Controller
 $underscore = substr_count($value, '_');
 $period = substr_count($value, '.');
+ if(ends_with($value, ['.php', '.js', '.css'])) {
+ return $fail('Username is invalid.');
+ }
+
 if(($dash + $underscore + $period) > 1) {
 return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
 }
diff --git a/app/Util/Lexer/RestrictedNames.php b/app/Util/Lexer/RestrictedNames.php
index ae3f97bf4..8f3f97d4c 100644
--- a/app/Util/Lexer/RestrictedNames.php
+++ b/app/Util/Lexer/RestrictedNames.php
@@ -85,6 +85,7 @@ class RestrictedNames
 // Static Assets
 'assets',
+ 'public',
 'storage',
 // Laravel Horizon
@@ -141,6 +142,8 @@ class RestrictedNames
 'drives',
 'driver',
 'e',
+ 'embed',
+ 'embed.js',
 'email',
 'emails',
 'error',
@@ -182,6 +185,7 @@ class RestrictedNames
 'invites',
 'import',
 'imports',
+ 'index.php',
 'j',
 'js',
 'k',
@@ -280,6 +284,7 @@ class RestrictedNames
 'whatsnew',
 'whatnew',
 'whats-news',
+ 'web',
 'ws',
 'wss',
 'www',
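Review bot: The added suffix check `ends_with($value, ['.php', '.js', '.css'])` in the -68 hunk compares case-sensitively, so a value such as `name.PHP` passes it unless the username is lowercased or restricted to lowercase earlier in this validation closure, which starts and ends outside the hunk. Normalising before the comparison closes that gap: `if(ends_with(strtolower($value), ['.php', '.js', '.css'])) {`. The list is also a short deny-list: if usernames share a URL namespace with files served from the web root (presumably the reason for this change), other extensions such as `.html` or `.json` are still accepted and may deserve the same treatment. Separately, `ends_with()` is one of the global helpers Laravel removed from the framework core in 6.0, so `Str::endsWith()` is the form that survives an upgrade.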
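Review bot: The filename-style entries `'embed.js'` (the -141 hunk) and `'index.php'` (the -182 hunk) only protect those paths if the code that consults this list matches the whole name without regard to case; that lookup is outside the diff and should be confirmed. For registration they overlap with the new suffix check in RegisterController, so a short comment above them would tell the next maintainer why both exist, for example `// Reserved file names; registration also rejects these by suffix`.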