Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#4481] - Numeric usernames can start with a space

?
avatar pe7er
pe7er
8 Oct 2014

Reported in forum by "---finder" http://forum.joomla.org/viewtopic.php?f=728&t=861038 and I was able to reproduce the bug.

Steps to reproduce the issue

Create a new user on front-end with username that starts with space and only contains numbers,
e.g. " 123" (space + 123).

Expected result

Expected error: "Registration failed: Please enter a valid username. No space at beginning or end, at least 2 characters and must not contain the following characters: < > \ " ' % ; ( ) &"

This error is shown when you try to create a new user on front-end with "alphanumeric" username, e.g. " 123test" (space + 123test).

Actual result

Username with space + numbers has been created & the following message is displayed:
"Message
Your account has been created and an activation link has been sent to the email address you entered. Note that you must activate the account by clicking on the activation link when you get the email before you can login."

System information (as much as possible)

Version: Joomla! 3.3.7-dev Development [ Ember ] 01-October-2014 02:00 GMT

Additional comments

Votes

# of Users Experiencing Issue
0/1
Average Importance Score
5.00
avatar pe7er pe7er - open - 8 Oct 2014
avatar brianteeman brianteeman - change - 8 Oct 2014
Status New Confirmed
avatar brianteeman
brianteeman - comment - 8 Oct 2014

I can confirm this

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4481.

avatar beat
beat - comment - 8 Oct 2014

Usernames should be trimmed by JForms, like any other text field.

Smells like a more general bug ?

avatar pe7er
pe7er - comment - 8 Oct 2014

Related to http://issues.joomla.org/tracker/joomla-cms/4484 "Usernames can start with a non-breakable space" (and with #4484 the usernames can be alpha/numeric/alphanumeric)

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4481.

avatar pe7er
pe7er - comment - 8 Oct 2014

The usernames are filtered by JForms
In /components/com_users/models/forms/registration.xml
< field name="username" type="text"
class="validate-username"
description="COM_USERS_DESIRED_USERNAME"
filter="username"
label="COM_USERS_REGISTER_USERNAME_LABEL"
message="COM_USERS_REGISTER_USERNAME_MESSAGE"
required="true"
size="30"
validate="username"
/>

so filter="username" and according to http://docs.joomla.org/Retrieving_request_data_using_JInput
USERNAME
// Strips all invalid username characters.
$result = (string) preg_replace('/[\x00-\x1F\x7F<>"\'%&]/', '', $source)

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4481.

avatar joomdonation
joomdonation - comment - 9 Oct 2014

Hi

I made the pull request to fix the issue #4489 . The reason of the issue is explained in the pull request as well. Please help testing when you have time :) .

avatar Bakual
Bakual - comment - 9 Oct 2014

Closing as we have a PR.

avatar Bakual Bakual - close - 9 Oct 2014
avatar zero-24 zero-24 - close - 9 Oct 2014
avatar Bakual Bakual - change - 9 Oct 2014
Status Confirmed Closed
Closed_Date 0000-00-00 00:00:00 2014-10-09 05:46:45
avatar zero-24 zero-24 - change - 7 Jul 2015
Labels Added: ?

Add a Comment

Login with GitHub to post a comment