Welcome to Geeklog, Anonymous Friday, November 08 2024 @ 08:51 pm EST
Geeklog Forums
Special Characters in User Names
Since the update from 1.3.8 to 1.3.9 I have found that users that had special characters in thier usernames could not login.
Im glad i dont have alot of users that have special chararters. Shouldnt the User Names be simple strings that are not parsed or am i wrong. Cus this is what am seeing. Origonally the user had the name as: example
name'a'name
which i can understand how php can get confused here
exp: $var = 'name'a'name'
which is proven by the output of the error log
Wed Mar 24 00:11:57 2004 - Error, invalid username: name
using nam_a_name bombed as well
Wed Mar 24 00:16:18 2004 - Error, invalid username: name_a_name
is there a way to escape these problems in php without having the escape procces fall into aloop were the escape needs to be escaped ect...
hence a string having a back slash in its user name string would cause a problem as well.
The only thing i can think of is either say your not able to have special charaters in a username or, the username parsed each time to get each special charater escaped before output instead of in the saved username within the database.
Im glad i dont have alot of users that have special chararters. Shouldnt the User Names be simple strings that are not parsed or am i wrong. Cus this is what am seeing. Origonally the user had the name as: example
name'a'name
which i can understand how php can get confused here
exp: $var = 'name'a'name'
which is proven by the output of the error log
Wed Mar 24 00:11:57 2004 - Error, invalid username: name
using nam_a_name bombed as well
Wed Mar 24 00:16:18 2004 - Error, invalid username: name_a_name
is there a way to escape these problems in php without having the escape procces fall into aloop were the escape needs to be escaped ect...
hence a string having a back slash in its user name string would cause a problem as well.
The only thing i can think of is either say your not able to have special charaters in a username or, the username parsed each time to get each special charater escaped before output instead of in the saved username within the database.
22
20
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
This is something we have to address in future versions ...
Traditionally, Geeklog didn't really care about special characters in the username as it's using the user id internally all the time anyway. In 1.3.9, GET and POST parameters are filtered more strictly than before and as a result, some characters that were allowed before will be silently stripped off now.
Future versions will probably be more restrictive with regards to the allowable characters and we will have to come up with conversion functions for existing user names ...
bye, Dirk
Traditionally, Geeklog didn't really care about special characters in the username as it's using the user id internally all the time anyway. In 1.3.9, GET and POST parameters are filtered more strictly than before and as a result, some characters that were allowed before will be silently stripped off now.
Future versions will probably be more restrictive with regards to the allowable characters and we will have to come up with conversion functions for existing user names ...
bye, Dirk
13
21
Quote
All times are EST. The time is now 08:51 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content