diff -Nur -x '*.orig' -x '*.rej' e-smith-base-4.18.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/useraccounts.pm mezzanine_patched_e-smith-base-4.18.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/useraccounts.pm
--- e-smith-base-4.18.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/useraccounts.pm	2008-02-12 16:56:28.000000000 +1100
+++ mezzanine_patched_e-smith-base-4.18.0/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/useraccounts.pm	2008-02-12 16:53:11.000000000 +1100
@@ -729,7 +729,7 @@
     my ($self) = @_;
     my $acctName = $self->{cgi}->param('acctName');
 
-    unless (($acctName) = ($acctName =~ /^(\w[\-\w_\.]+)$/)) {
+    unless (($acctName) = ($acctName =~ /^(\w[\-\w_\.]*)$/)) {
         return $self->error($self->localise('TAINTED_USER',
             { acctName => $acctName }));
     }
@@ -824,7 +824,7 @@
     undef $accountdb;
 
     # Untaint the username before use in system()
-    $acctName =~ /^(\w[\-\w_\.]+)$/;
+    $acctName =~ /^(\w[\-\w_\.]*)$/;
     $acctName = $1;
 
     if (system ("/sbin/e-smith/signal-event", "user-create", $acctName)) 
@@ -874,7 +874,7 @@
         undef $accountdb;
 
 	# Untaint the username before use in system()
-	$acctName =~ /^(\w[\-\w_\.]+)$/;
+	$acctName =~ /^(\w[\-\w_\.]*)$/;
 	$acctName = $1;
         if (system ("/sbin/e-smith/signal-event", "user-delete", $acctName))
         {
@@ -902,7 +902,7 @@
     my ($self) = @_;
     my $acctName = $self->{cgi}->param('acctName');
 
-    unless (($acctName) = ($acctName =~ /^(\w[\-\w_\.]+)$/)) {
+    unless (($acctName) = ($acctName =~ /^(\w[\-\w_\.]*)$/)) {
         return $self->error('TAINTED_USER');
     }
     $acctName = $1;
@@ -949,7 +949,7 @@
         undef $accountdb;
 
 	# Untaint the username before use in system()
-	$acctName =~ /^(\w[\-\w_\.]+)$/;
+	$acctName =~ /^(\w[\-\w_\.]*)$/;
 	$acctName = $1;
         if (system("/sbin/e-smith/signal-event", "user-lock", $acctName))
         {