Posted on: 03/24/04 03:40am
By: buddilla
Since the update from 1.3.8 to 1.3.9 I have found that users that had special characters in thier usernames could not login.
Im glad i dont have alot of users that have special chararters. Shouldnt the User Names be simple strings that are not parsed or am i wrong. Cus this is what am seeing. Origonally the user had the name as: example
name'a'name
which i can understand how php can get confused here
exp: $var = 'name'a'name'
which is proven by the output of the error log
Wed Mar 24 00:11:57 2004 - Error, invalid username: name
using nam_a_name bombed as well
Wed Mar 24 00:16:18 2004 - Error, invalid username: name_a_name
is there a way to escape these problems in php without having the escape procces fall into aloop were the escape needs to be escaped ect...
hence a string having a back slash in its user name string would cause a problem as well.
The only thing i can think of is either say your not able to have special charaters in a username or, the username parsed each time to get each special charater escaped before output instead of in the saved username within the database.
Special Characters in User Names
Posted on: 03/25/04 01:25pm
By: Dirk
This is something we have to address in future versions ...
Traditionally, Geeklog didn't really care about special characters in the username as it's using the user id internally all the time anyway. In 1.3.9, GET and POST parameters are filtered more strictly than before and as a result, some characters that were allowed before will be silently stripped off now.
Future versions will probably be more restrictive with regards to the allowable characters and we will have to come up with conversion functions for existing user names ...
bye, Dirk
Special Characters in User Names
Posted on: 03/27/04 12:38am
By: buddilla
Thanks Much.
Maybe a plugin that searches usernames removes the characters then emails the user with the new name.