Add some more sensible username checks

useradmin/lang/en

@@ -143,6 +143,7 @@ usave_ecreate=You cannot create new users
 usave_ebadname='$1' is not a valid username
 usave_elength=Username cannot be longer than $1 letters
 usave_ere=Username does not match regexp $1
+usave_eltgt=Username cannot contain < or > characters
 usave_erename=You are not allowed to rename users
 usave_einuse=the username '$1' is already in use
 usave_einuse_a=the username '$1' is already in use by a mail alias

useradmin/save_group.cgi

@@ -42,8 +42,8 @@ else {
 	$access{'gcreate'}==1 || &error($text{'gsave_ecreate'});
 	$in{'group'} =~ /^[^:\t]+$/ ||
 		&error(&text('gsave_ebadname', $in{'group'}));
-	$config{'max_length'} && length($in{'group'}) > $config{'max_length'} &&
-		&error(&text('gsave_elength', $config{'max_length'}));
+	$err = &check_username_restrictions($in{'group'});
+	&error($err) if ($err);
 	&my_getgrnam($in{'group'}) &&
 		&error(&text('gsave_einuse', $in{'group'}));
 	$group{'group'} = $in{'group'};

useradmin/user-lib.pl

@@ -1618,6 +1618,7 @@ if ($config{'max_length'} && length($username) > $config{'max_length'}) {
 local $re = $config{'username_re'};
 return &text('usave_ere', $re)
 	if ($re && !eval { $username =~ /^$re$/ });
+return $text{'usave_eltgt'} if ($username =~ /<|>/);
 return undef;
 }