[#1497] - Extending backend validation for usernames, introduced trimming
- Closed
- 13 Oct 2013
- Medium
- Build: master
- # 1497
- Diff
- madasha:username-bug-30586
- Foreign ID 30586
- Success default The Travis CI build passed Details
User tests: Successful: Unsuccessful:
Extended backend username validation and trimmed the username to ensure validation according to the stated rules:
Please enter a valid username. No spaces, at least 2 characters and must not contain the following characters: < > \ " ' % ; ( ) &
Also, added validation for potentially exploiting usernames, such as user../etc/passwd/name.
See tracker issue http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=30586
Actually, also the \s needs 2 of them: \\ and the 2 dots . too. Fixed my proposed regex above. (warning: i had to double them in the commenting field edit so they display correctly...today...who knows if it's a github bug).
According to the related item on the issue tracker this has been committed
Are you sure you want 3 backslashes before the square bracket close ?
That removes the initial regex effect imho. You need probably 4 to have a valid escaped string there ?
Also see my comment above about merging the reexes.