security: fix vulnerability in changing username

Reported by João Arnaut.

gogs.go

@@ -16,7 +16,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-const APP_VER = "0.10.7.0306"
+const APP_VER = "0.10.8.0307"
 
 func init() {
 	setting.AppVer = APP_VER

modules/form/user.go

@@ -90,7 +90,7 @@ func (f *SignIn) Validate(ctx *macaron.Context, errs binding.Errors) binding.Err
 //         \/         \/                                   \/        \/        \/
 
 type UpdateProfile struct {
-	Name     string `binding:"OmitEmpty;MaxSize(35)"`
+	Name     string `binding:"Required;AlphaDashDot;MaxSize(35)"`
 	FullName string `binding:"MaxSize(100)"`
 	Email    string `binding:"Required;Email;MaxSize(254)"`
 	Website  string `binding:"Url;MaxSize(100)"`

templates/.VERSION

@@ -1 +1 @@
-0.10.7.0306
+0.10.8.0307

templates/user/settings/profile.tmpl

@@ -25,7 +25,7 @@
 						</div>
 						<div class="required field {{if .Err_Email}}error{{end}}">
 							<label for="email">{{.i18n.Tr "email"}}</label>
-							<input id="email" name="email" value="{{.SignedUser.Email}}">
+							<input id="email" name="email" value="{{.SignedUser.Email}}" required>
 						</div>
 						<div class="field {{if .Err_Website}}error{{end}}">
 							<label for="website">{{.i18n.Tr "settings.website"}}</label>