Feeling Lucky
[#1787] - Corrected and extended backend usernames validation
- Closed
- 7 Oct 2013
- Medium
- Build: master
- # 1787
- Diff
- smanzi:User-validation
- Foreign ID 30586
- Success default The Travis CI build passed Details
User tests: Successful: Unsuccessful:
Corrected backend username validation to ensure validation according to
the stated rules:
Please enter a valid username. No spaces, at least 2 characters and must
not contain the following characters: < > \ " ' % ; ( ) &
I'm not trimming the username and let the regex check for spaces.
Extended validation against the ../ as string this can be potentialy
used for exploits.
See tracker issue
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=30586
