[TYPO3-core] RFC: Bugfix #5630: Install tool removes dots from admin usernames and replace ereg_replace with preg_replace

[Oliver Hader]

Hi Stefano,

Stefano Kowalke schrieb:
> This is a patch request.
> 
> BT reference: http://bugs.typo3.org/view.php?id=5630
> 
> Branch: 4.2, trunk
> 
> Problem: 
> When attempting to create admin user with the following username:
> vlatko.surlan the dot gets removed from the username and finally user
> vlatkosurlan gets created. If this is a feature then it is a bad one. It
> should either reject the username as invalid or create it as specified but
> not modify user input under the hood and create something modified.
> 
> Solution:
> * add the dot "." to the regex:
> Before:
> [^[:alnum:]_-]
> 
> After:
> [^[:alnum:]._-]
> 
> * replace ereg_replace with preg_replace
> Before:
> ereg_replace('[^[:alnum:]._-] ...
> 
> After
> preg_replace('[^A-Za-z0-9._-] ...

The '/.../' delimiters for the regular expression pattern are missing in
your patch. That allows to create usernames like "+++olly+++!!&%?*". I
changed the patch to use "\w" (includes "_") as character class that
gets extended by "-" and ".".

Furthermore the line, replacing spaces to underscores is not required
since spaces had beed cut of before (this was the case with ereg as well).

+1 on reading and testing for the attached patch

If nobody objects I'm going to commit this change to TYPO3_4-2 and Trunk
later on today...

olly
-- 
Oliver Hader
TYPO3 4.3 Release Manager
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005630_v2.patch
Type: text/x-diff
Size: 938 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090111/5ed1eb55/attachment.patch