Modify

Opened 9 years ago

Closed 7 years ago

#4682 closed defect (fixed)

Registration of user names with colon could corrupt htpasswd file

Reported by: Mitar Owned by: Steffen Hoffmann
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: precaution input username check
Cc: Mitar Trac Release: 0.11

Description

It should not allow registration of usernames with a : in them as they tend to break htpasswd file.

Attachments (0)

Change History (3)

comment:1 Changed 9 years ago by Sebastian Krysmanski

This is fixed by the patch provided in #5295.

comment:2 Changed 7 years ago by Steffen Hoffmann

Keywords: precaution input username check added
Owner: changed from Matt Good to Steffen Hoffmann
Summary: Username with a :Registration of user names with colon could corrupt htpasswd file

comment:3 Changed 7 years ago by Steffen Hoffmann

Resolution: fixed
Status: newclosed

We've got some suggestions and even patches to improve checking for invalid usernames in the registration procedure. Therefore now we've added the following checks in [9260]:

  • against a list of reserved names (refs #5295)
  • against a admin-configurable character blacklist, by default containing
    • colon, since it's corrupting HtPasswdStore (closes #4682)
    • '[' and ']', since they're corrupting SvnServePasswordStore (closes #2630)

Additionally we're taking care of and instantly remove surrounding whitespace around usernames and email addresses (closes #7087).

Thanks to all contributors, especially to manski, for exceptional help by reviewing tickets and bundling related issues.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Steffen Hoffmann.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.