Feeling Lucky
[#1751] - Corrected and extended backend usernames validation
- Closed
- 13 Oct 2013
- Medium
- Build: master
- # 1751
- Diff
- smanzi:staging
- Foreign ID 30586
- Success default The Travis CI build passed Details
User tests: Successful: Unsuccessful:
Corrected backend username validation to ensure validation according to the stated rules:
Please enter a valid username. No spaces, at least 2 characters and must not contain the following characters: < > \ " ' % ; ( ) &
I'm not trimming the username and let the regex check for spaces.
Extended validation against the ../ as string this can be potentialy used for exploits.
See tracker issue
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=30586
The related item on the tracker indicates that this has been committed