Modify ↓
Opened 16 years ago
Closed 14 years ago
#4682 closed defect (fixed)
Registration of user names with colon could corrupt htpasswd file
Reported by: | Mitar | Owned by: | Steffen Hoffmann |
---|---|---|---|
Priority: | normal | Component: | AccountManagerPlugin |
Severity: | normal | Keywords: | precaution input username check |
Cc: | Mitar | Trac Release: | 0.11 |
Description
It should not allow registration of usernames with a : in them as they tend to break htpasswd file.
Attachments (0)
Change History (3)
comment:1 Changed 16 years ago by
comment:2 Changed 14 years ago by
Keywords: | precaution input username check added |
---|---|
Owner: | changed from Matt Good to Steffen Hoffmann |
Summary: | Username with a : → Registration of user names with colon could corrupt htpasswd file |
comment:3 Changed 14 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
We've got some suggestions and even patches to improve checking for invalid usernames in the registration procedure. Therefore now we've added the following checks in [9260]:
- against a list of reserved names (refs #5295)
- against a admin-configurable character blacklist, by default containing
Additionally we're taking care of and instantly remove surrounding whitespace around usernames and email addresses (closes #7087).
Thanks to all contributors, especially to manski, for exceptional help by reviewing tickets and bundling related issues.
Note: See
TracTickets for help on using
tickets.
This is fixed by the patch provided in #5295.