[TYPO3-core] RFC: Bugfix #5630: Install tool removes dots from admin usernames and replace ereg_replace with preg_replace
Steffen Kamper
info at sk-typo3.de
Sun Jan 11 13:01:35 CET 2009
Oliver Hader schrieb:
> Hi Stefano,
>
> Stefano Kowalke schrieb:
>> This is a patch request.
>>
>> BT reference: http://bugs.typo3.org/view.php?id=5630
>>
>> Branch: 4.2, trunk
>>
>> Problem:
>> When attempting to create admin user with the following username:
>> vlatko.surlan the dot gets removed from the username and finally user
>> vlatkosurlan gets created. If this is a feature then it is a bad one. It
>> should either reject the username as invalid or create it as specified but
>> not modify user input under the hood and create something modified.
>>
>> Solution:
>> * add the dot "." to the regex:
>> Before:
>> [^[:alnum:]_-]
>>
>> After:
>> [^[:alnum:]._-]
>>
>> * replace ereg_replace with preg_replace
>> Before:
>> ereg_replace('[^[:alnum:]._-] ...
>>
>> After
>> preg_replace('[^A-Za-z0-9._-] ...
>
> The '/.../' delimiters for the regular expression pattern are missing in
> your patch. That allows to create usernames like "+++olly+++!!&%?*". I
> changed the patch to use "\w" (includes "_") as character class that
> gets extended by "-" and ".".
>
> Furthermore the line, replacing spaces to underscores is not required
> since spaces had beed cut of before (this was the case with ereg as well).
>
> +1 on reading and testing for the attached patch
>
> If nobody objects I'm going to commit this change to TYPO3_4-2 and Trunk
> later on today...
>
> olly
>
More information about the TYPO3-team-core
mailing list