Modify ↓
Opened 15 years ago
Closed 14 years ago
#4682 closed defect (fixed)
Registration of user names with colon could corrupt htpasswd file
| Reported by: | Mitar | Owned by: | Steffen Hoffmann |
|---|---|---|---|
| Priority: | normal | Component: | AccountManagerPlugin |
| Severity: | normal | Keywords: | precaution input username check |
| Cc: | Mitar | Trac Release: | 0.11 |
Description
It should not allow registration of usernames with a : in them as they tend to break htpasswd file.
Attachments (0)
Change History (3)
comment:1 Changed 15 years ago by
comment:2 Changed 14 years ago by
| Keywords: | precaution input username check added |
|---|---|
| Owner: | changed from Matt Good to Steffen Hoffmann |
| Summary: | Username with a : → Registration of user names with colon could corrupt htpasswd file |
comment:3 Changed 14 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
We've got some suggestions and even patches to improve checking for invalid usernames in the registration procedure. Therefore now we've added the following checks in [9260]:
- against a list of reserved names (refs #5295)
- against a admin-configurable character blacklist, by default containing
Additionally we're taking care of and instantly remove surrounding whitespace around usernames and email addresses (closes #7087).
Thanks to all contributors, especially to manski, for exceptional help by reviewing tickets and bundling related issues.
Note: See
TracTickets for help on using
tickets.
This is fixed by the patch provided in #5295.