Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#36814] - Permitted characters in usernames

No Code Attached Yet bug
avatar brianteeman
brianteeman
24 Jan 2022

Permitted characters in Usernames

The error message says

No space at beginning or end, at least 2 characters, must not have the following characters: \ " ' % ; ( )

BUT if you try the following

<<<brian>>> 	 	validation error
brian>test		not accepted	
brian<test		accepted as brian
brian<>test		accepted as briantest
<>			Field required: Login Name (Username)
<<			Field required: Login Name (Username)
>>			validation error

The code is

https://github.com/joomla/joomla-cms/blob/4.1-dev/libraries/src/Table/User.php#L226-L232

So it should be matching on the < and > characters and they should be in the error message

But other parts of the validation are breaking that i think

avatar brianteeman brianteeman - open - 24 Jan 2022
avatar joomla-cms-bot joomla-cms-bot - change - 24 Jan 2022
Labels Added: No Code Attached Yet
avatar joomla-cms-bot joomla-cms-bot - labeled - 24 Jan 2022
avatar Shubhamverma2796
Shubhamverma2796 - comment - 26 Jan 2022

so failed message should be displayed if the user name contains < or > right?

avatar brianteeman
brianteeman - comment - 26 Jan 2022

or it should be accepted. Depends if the code is correct or the text is correct

avatar akshitrattan
akshitrattan - comment - 29 Jan 2022

I think the problem is not with the preg_match function
E.g- I removed the '%' character from the string and when I entered the input as '%' it was accepting it as a valid username
I tried a lot of permutations and combinations, and the problem only occurs when inputting "<>", maybe there is a problem with the clean function, because the input "<akshitrattan" is accepted but saved as "akshitrattan".

avatar Hackwar Hackwar - change - 17 Feb 2023
Labels Added: bug
avatar Hackwar Hackwar - labeled - 17 Feb 2023

Add a Comment

Login with GitHub to post a comment