Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Side-effects of allowing "special" characters in username?

Using $Configuration['Garden']['User']['ValidationRegex'] in config.php, I just expanded the regex to allow a few extra characters in peoples' usernames, namely the period, parenthesis, and brackets ([ and ]).

This did cause an issue with the Quotes plugin until I changed the regex in there, and now that works okay. I just wanted to see if there was anything else that might possibly break or have issues because to this change, or if I should be good to go?

Comments

  • Mentions will be broken.

    This means you don't be able to @Shmizzle a user to notify them.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • Thanks. I actually disabled that feature when I first installed the forum, so that's no big deal.

    Anything else do you think?

  • Not much else will be broken as most of Vanilla and many plugins use the unique user ID instead of the user name for references to users in the code.

    Add Pages to Vanilla with the Basic Pages app

  • peregrineperegrine MVP
    edited November 2013

    I believe plugins that use url formatting of username with unicode might have a problem, if you are using unicode since one of the functions strips punctuation.

    if you are not using unicode the above is a moot point.

    at least what i gather from below

    e.g.

     public static function Url($Mixed) {
              if (!is_string($Mixed))
                 return self::To($Mixed, 'Url');
    
              // Preliminary decoding
              $Mixed = strip_tags(html_entity_decode($Mixed, ENT_COMPAT, 'UTF-8'));
              $Mixed = strtr($Mixed, self::$_UrlTranslations);
    
              // Test for Unicode PCRE support
              // On non-UTF8 systems this will result in a blank string.
              $UnicodeSupport = (preg_replace('`[\pP]`u', '', 'P') != '');
    
              // Convert punctuation, symbols, and spaces to hyphens
              if ($UnicodeSupport)
                 $Mixed = preg_replace('`[\pP\pS\s]`u', '-', $Mixed); 
    

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

Sign In or Register to comment.