Ticket #4682 (closed defect: fixed)

Opened 4 years ago

Last modified 3 years ago

Registration of user names with colon could corrupt htpasswd file

Reported by: Mitar
Assigned to: hasienda
Priority: normal
Component: AccountManagerPlugin
Severity: normal
Keywords: precaution input username check
Cc: mmitar@gmail.com
Trac Release: 0.11

Description

It should not allow registration of usernames with a : in them, as they tend to break the htpasswd file.

Change History

05/28/09 14:11:09 changed by manski

This is fixed by the patch provided in #5295.

09/29/10 23:11:10 changed by hasienda

  • owner changed from mgood to hasienda.
  • keywords set to precaution input username check.
  • summary changed from Username with a : to Registration of user names with colon could corrupt htpasswd file.

10/07/10 14:37:34 changed by hasienda

  • status changed from new to closed.
  • resolution set to fixed.

We've got some suggestions and even patches to improve checking for invalid usernames in the registration procedure. Therefore now we've added the following checks in [9260]:

  • against a list of reserved names (refs #5295)
  • against an admin-configurable character blacklist, by default containing
    • colon, since it's corrupting HtPasswdStore (closes #4682)
    • '[' and ']', since they're corrupting SvnServePasswordStore (closes #2630)

Additionally, we're taking care of, and instantly removing, surrounding whitespace around usernames and email addresses (closes #7087).

Thanks to all contributors, especially to manski, for exceptional help by reviewing tickets and bundling related issues.
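
The checks listed in the closing comment, sketched as an added example for readers of this ticket (this is not AccountManagerPlugin code and not the change in [9260]). All function names are hypothetical, the reserved-name list is an assumed sample, and the round-trip helper shows why a colon breaks the `user:hash` line format of an htpasswd file.

```python
# Added illustration; not AccountManagerPlugin code. All names are hypothetical.
RESERVED_NAMES = {"anonymous", "authenticated"}  # assumed sample list
CHAR_BLACKLIST = ":[]"                           # default characters named in the ticket


def normalize(username):
    """Strip surrounding whitespace, as described for #7087."""
    return username.strip()


def validate_username(username):
    """Return the reasons a name is rejected (empty list means accepted)."""
    name = normalize(username)
    errors = []
    if not name:
        errors.append("empty username")
    if name in RESERVED_NAMES:
        errors.append("reserved name")
    bad = sorted({c for c in name if c in CHAR_BLACKLIST})
    if bad:
        errors.append("forbidden characters: " + " ".join(bad))
    return errors


def htpasswd_line(username, pw_hash):
    """Unchecked writer: an htpasswd entry is 'user:hash' on one line."""
    return "%s:%s" % (username, pw_hash)


def parse_htpasswd_line(line):
    """Readers split on the first colon to recover user and hash."""
    user, _, pw_hash = line.rstrip("\n").partition(":")
    return user, pw_hash


def roundtrips(username, pw_hash="HASH_PLACEHOLDER"):
    """True if the stored entry reads back as the same user and hash."""
    return parse_htpasswd_line(htpasswd_line(username, pw_hash)) == (username, pw_hash)


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["  alice  ", "bob:builder", "team[a]", "anonymous"]:
        name = normalize(candidate)
        print(repr(candidate), validate_username(candidate), roundtrips(name))
```

A name that fails `roundtrips` is stored as an entry for a different user with a different hash field, which is the corruption this ticket reports; rejecting it at registration keeps the file consistent.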

