[TYPO3-core] RFC: Bugfix #5630: Install tool removes dots from admin usernames and replace ereg_replace with preg_replace
Oliver Hader
oliver at typo3.org
Sun Jan 11 02:39:22 CET 2009
Hi Stefano,
Stefano Kowalke schrieb:
> This is a patch request.
>
> BT reference: http://bugs.typo3.org/view.php?id=5630
>
> Branch: 4.2, trunk
>
> Problem:
> When attempting to create admin user with the following username:
> vlatko.surlan the dot gets removed from the username and finally user
> vlatkosurlan gets created. If this is a feature then it is a bad one. It
> should either reject the username as invalid or create it as specified but
> not modify user input under the hood and create something modified.
>
> Solution:
> * add the dot "." to the regex:
> Before:
> [^[:alnum:]_-]
>
> After:
> [^[:alnum:]._-]
>
> * replace ereg_replace with preg_replace
> Before:
> ereg_replace('[^[:alnum:]._-] ...
>
> After
> preg_replace('[^A-Za-z0-9._-] ...
The '/.../' delimiters for the regular expression pattern are missing in
your patch. That allows to create usernames like "+++olly+++!!&%?*". I
changed the patch to use "\w" (includes "_") as character class that
gets extended by "-" and ".".
Furthermore the line, replacing spaces to underscores is not required
since spaces had beed cut of before (this was the case with ereg as well).
+1 on reading and testing for the attached patch
If nobody objects I'm going to commit this change to TYPO3_4-2 and Trunk
later on today...
olly
--
Oliver Hader
TYPO3 4.3 Release Manager
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005630_v2.patch
Type: text/x-diff
Size: 938 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090111/5ed1eb55/attachment.patch
More information about the TYPO3-team-core
mailing list