? Success

User tests: Successful: Unsuccessful:

avatar infograf768
infograf768
8 Nov 2016

Pull Request for Issue #12804

Summary of Changes

Authorise the use of a single quote in the local-part of an email address by changing to ' in the regex.
Single quote is authorised by RFC-2822 while #8217 is not

Testing Instructions

Create or change the email of a user to include a single quote, for example
John.O'Connor@foobar.com
It will now validate and save ok.

Display that type of mail in frontend in an article.
Make sure the mailcloak plugin is enabled.

Check source: the address is cloaked OK

avatar infograf768 infograf768 - open - 8 Nov 2016
avatar infograf768 infograf768 - change - 8 Nov 2016
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 8 Nov 2016
Category Libraries JavaScript Front End Plugins Unit Tests
avatar SharkyKZ SharkyKZ - test_item - 8 Nov 2016 - Tested successfully
avatar SharkyKZ
SharkyKZ - comment - 8 Nov 2016

I have tested this item successfully on e0cbe2b


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/12835.

avatar dgt41
dgt41 - comment - 8 Nov 2016

@infograf768 in #10760 I used the official w3c code for the reg ex, now you are modifying this. So if there was a mistake in my copy paste then this is a nice finding, but if it's not the case I would say stick with the official code.

EDIT: That was me (actually my freaking mac changing the quote)! So this is fine!

avatar infograf768
infograf768 - comment - 8 Nov 2016

The problem is that the W3 regex is totally wrong, just a typo but an important one.
I had also used it in an older patch in 2014 (sorry folks, I was the one who introduced this in J..)
Their example of regex is wrong, as you can see in the RFC-2822 https://tools.ietf.org/html/rfc2822#section-3.4.1
See extract here:
#12804 (comment)
Wikipedia is also OK on this.

EDITL it was not wrong, @dgt41, on the part you used, but elsewhere at the time:
See https://www.w3.org/TR/html-markup/input.email.html

That is, any string which matches the following regular expression:
/^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/
avatar dgt41 dgt41 - test_item - 8 Nov 2016 - Tested successfully
avatar dgt41
dgt41 - comment - 8 Nov 2016

I have tested this item successfully on e0cbe2b


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/12835.

avatar dgt41 dgt41 - change - 8 Nov 2016
Status Pending Ready to Commit
avatar dgt41
dgt41 - comment - 8 Nov 2016

RTC

Thanks @infograf768

avatar hotkeeper
hotkeeper - comment - 9 Nov 2016

In the username field the ' character 39 isn't allowed as well, so you can't use email addresses (John.O'Connor@foobar.com) as usernames as it is often used.

avatar brianteeman
brianteeman - comment - 9 Nov 2016

Good point

On 9 Nov 2016 7:10 a.m., "hotkeeper" notifications@github.com wrote:

In the username field the ' character 39 isn't allowed as well, so you
can't use email addresses (John.O'Connor@foobar.com) as usernames as it
is often used.


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#12835 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABPH8TgLkwIWIL6WNxvuPw7aD2nq3tFVks5q8XHugaJpZM4KsVn2
.

avatar infograf768
infograf768 - comment - 9 Nov 2016

Tip says:

Save failed with the following error: Please enter a valid username. No space at beginning or end, at least 2 characters and must not contain the following characters: < > \ " ' % ; ( ) &.

I would contact JSST on this.

avatar brianteeman
brianteeman - comment - 9 Nov 2016

And that's wrong. It is perfectly valid to have a name with a ' in it

avatar infograf768
infograf768 - comment - 9 Nov 2016

The regex was similar in 2.5. I would not be so sure that it is valid. Let's first check.

avatar Bakual
Bakual - comment - 9 Nov 2016

As long as the input (and output) is properly escaped, it should be no problem to allow that.
If not, it may allow some security issues. I guess that is the reason it isn't allowed currently, to be on the safe side?

avatar infograf768
infograf768 - comment - 9 Nov 2016

I guess so. I also checked in 1.6.5 and same regex.
As well in 1.5

avatar dgt41
dgt41 - comment - 9 Nov 2016

@infograf768 @Bakual @brianteeman I wouldn't change the validate.js to allow ' in the username, if somebody wants to do that let them override that rule!

avatar brianteeman
brianteeman - comment - 9 Nov 2016

On what basis would you justify not allowing someone to use their name -
tryng to understand the logic of your statement

On 9 November 2016 at 08:56, Dimitri Grammatikogianni <
notifications@github.com> wrote:

@infograf768 https://github.com/infograf768 @Bakual
https://github.com/Bakual @brianteeman https://github.com/brianteeman
I wouldn't change the validate.js to allow ' in the username, if somebody
wants to do that let them override that rule!


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#12835 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABPH8baBI2jTW8VdPNA3R0EY2COrmdTAks5q8XzLgaJpZM4KsVn2
.

Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
https://brian.teeman.net/ http://brian.teeman.net/

avatar dgt41
dgt41 - comment - 9 Nov 2016

@brianteeman it's all about forbidden characters, and single quote is one of them

avatar brianteeman
brianteeman - comment - 9 Nov 2016

Try telling that to everyone with a forbidden character in their name -
maybe it is rare in greece to have a ' in your name but it is VERY common
in many countries

On 9 November 2016 at 09:13, Dimitri Grammatikogianni <
notifications@github.com> wrote:

@brianteeman https://github.com/brianteeman it's all about forbidden
characters, and single quote is one of them


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#12835 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABPH8cykBhfVkfVVJy10_M2StYKjmVT7ks5q8YCvgaJpZM4KsVn2
.

Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
https://brian.teeman.net/ http://brian.teeman.net/

avatar infograf768
infograf768 - comment - 9 Nov 2016

'Name' is not 'Username'
One can enter a single quote in the Name.

If security requires not to use these special characters in a Username since 1.5, there must have been a reason.

avatar dgt41
dgt41 - comment - 9 Nov 2016

@brianteeman my last name is way too long to fit in most sites placeholders for that, so I have to cut it so it doesn t look awkward.
@infograf768 I don't see any gain of allowing single quotes in the username field

avatar hotkeeper
hotkeeper - comment - 9 Nov 2016

@dgt41 It is very common to use the email address as username, and a single quote is a valid character in an email address!

avatar dgt41
dgt41 - comment - 9 Nov 2016

@hotkeeper if you want to do that, there plenty plugins in the extensions directory that will allow you to do it correctly, (use email instead of username)

avatar infograf768
infograf768 - comment - 9 Nov 2016
avatar infograf768
infograf768 - comment - 10 Nov 2016

@rdeutz
As anyhow the username discussion is unrelated to this PR, please merge. Thanks.

avatar rdeutz rdeutz - change - 10 Nov 2016
Status Ready to Commit Fixed in Code Base
Closed_Date 0000-00-00 00:00:00 2016-11-10 09:02:07
Closed_By rdeutz
avatar rdeutz rdeutz - close - 10 Nov 2016
avatar rdeutz rdeutz - merge - 10 Nov 2016
avatar rdeutz rdeutz - reference | 68a8d2c - 10 Nov 16
avatar rdeutz rdeutz - merge - 10 Nov 2016
avatar rdeutz rdeutz - close - 10 Nov 2016

Add a Comment

Login with GitHub to post a comment