User tests: Successful: Unsuccessful:
Pull Request for Issue #12804
Authorise the use of a single quote in the local-part of an email address by changing ’
to '
in the regex.
Single quote is authorised by RFC-2822 while #8217
’
is not
Create or change the email of a user to include a single quote, for example
John.O'Connor@foobar.com
It will now validate and save ok.
Display that type of mail in frontend in an article.
Make sure the mailcloak plugin is enabled.
Check source: the address is cloaked OK
Status | New | ⇒ | Pending |
Category | ⇒ | Libraries JavaScript Front End Plugins Unit Tests |
@infograf768 in #10760 I used the official w3c code for the reg ex, now you are modifying this. So if there was a mistake in my copy paste then this is a nice finding, but if it's not the case I would say stick with the official code.
EDIT: That was me (actually my freaking mac changing the quote)! So this is fine!
The problem is that the W3 regex is totally wrong, just a typo but an important one.
I had also used it in an older patch in 2014 (sorry folks, I was the one who introduced this in J..)
Their example of regex is wrong, as you can see in the RFC-2822 https://tools.ietf.org/html/rfc2822#section-3.4.1
See extract here:
#12804 (comment)
Wikipedia is also OK on this.
EDITL it was not wrong, @dgt41, on the part you used, but elsewhere at the time:
See https://www.w3.org/TR/html-markup/input.email.html
That is, any string which matches the following regular expression:
/^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/
I have tested this item
Status | Pending | ⇒ | Ready to Commit |
RTC
Thanks @infograf768
In the username field the '
character 39 isn't allowed as well, so you can't use email addresses (John.O'Connor@foobar.com) as usernames as it is often used.
Good point
On 9 Nov 2016 7:10 a.m., "hotkeeper" notifications@github.com wrote:
In the username field the ' character 39 isn't allowed as well, so you
can't use email addresses (John.O'Connor@foobar.com) as usernames as it
is often used.—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#12835 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABPH8TgLkwIWIL6WNxvuPw7aD2nq3tFVks5q8XHugaJpZM4KsVn2
.
Tip says:
Save failed with the following error: Please enter a valid username. No space at beginning or end, at least 2 characters and must not contain the following characters: < > \ " ' % ; ( ) &.
I would contact JSST on this.
And that's wrong. It is perfectly valid to have a name with a ' in it
The regex was similar in 2.5. I would not be so sure that it is valid. Let's first check.
As long as the input (and output) is properly escaped, it should be no problem to allow that.
If not, it may allow some security issues. I guess that is the reason it isn't allowed currently, to be on the safe side?
I guess so. I also checked in 1.6.5 and same regex.
As well in 1.5
@infograf768 @Bakual @brianteeman I wouldn't change the validate.js to allow '
in the username, if somebody wants to do that let them override that rule!
On what basis would you justify not allowing someone to use their name -
tryng to understand the logic of your statement
On 9 November 2016 at 08:56, Dimitri Grammatikogianni <
notifications@github.com> wrote:
@infograf768 https://github.com/infograf768 @Bakual
https://github.com/Bakual @brianteeman https://github.com/brianteeman
I wouldn't change the validate.js to allow ' in the username, if somebody
wants to do that let them override that rule!—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#12835 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABPH8baBI2jTW8VdPNA3R0EY2COrmdTAks5q8XzLgaJpZM4KsVn2
.
Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
https://brian.teeman.net/ http://brian.teeman.net/
@brianteeman it's all about forbidden characters, and single quote is one of them
Try telling that to everyone with a forbidden character in their name -
maybe it is rare in greece to have a ' in your name but it is VERY common
in many countries
On 9 November 2016 at 09:13, Dimitri Grammatikogianni <
notifications@github.com> wrote:
@brianteeman https://github.com/brianteeman it's all about forbidden
characters, and single quote is one of them—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#12835 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABPH8cykBhfVkfVVJy10_M2StYKjmVT7ks5q8YCvgaJpZM4KsVn2
.
Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
https://brian.teeman.net/ http://brian.teeman.net/
'Name' is not 'Username'
One can enter a single quote in the Name.
If security requires not to use these special characters in a Username since 1.5, there must have been a reason.
@brianteeman my last name is way too long to fit in most sites placeholders for that, so I have to cut it so it doesn t look awkward.
@infograf768 I don't see any gain of allowing single quotes in the username field
@hotkeeper if you want to do that, there plenty plugins in the extensions directory that will allow you to do it correctly, (use email instead of username)
See also discussion here:
https://groups.google.com/forum/#!topic/joomla-dev-cms/c5Pq2ANXCOI
Status | Ready to Commit | ⇒ | Fixed in Code Base |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-11-10 09:02:07 |
Closed_By | ⇒ | rdeutz |
I have tested this item✅ successfully on e0cbe2b
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/12835.