there is no validation or restrictions on usernames

Reported by Christopher Adams on 2011-06-02
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
aikiframework
High
Jakub Jankiewicz

Bug Description

Aiki does not do any checking for valid usernames nor is there a way to specify what a valid username should be.

In line with most web systems it seems preferable to restrict usernames to ascii values A-Z,a-z,0-9.

A check can be added to system/libraries/records.php

The function insert_from_form_to_db should include the case "username" where it can do the check

It would be necessary to add a new term into aiki_dictionary via sql/InsertDefaults.sql such as:

'the_username_is_not_valid', 'The username is not valid'

Changed in aikiframework:
importance: Undecided → High
milestone: none → 0.9

I'll note that Aiki seems to work okay with all manner of usernames (even containing spaces) so maybe this is a non-issue.

rejon (rejon) on 2011-06-06
Changed in aikiframework:
status: New → Confirmed
rejon (rejon) on 2011-06-14
Changed in aikiframework:
assignee: nobody → Aiki Framework Developers (aikiframework-devel)
rejon (rejon) on 2011-10-08
Changed in aikiframework:
assignee: Aiki Framework Developers (aikiframework-devel) → Jakub Jankiewicz (jcubic)
Jakub Jankiewicz (jcubic) wrote :

It can be implemented by adding RegEx to form filed and check it for every filed in forms if it exist

fieldname | permissions : title : custome : select name > select name & select value > select value: /[A-Za-z_0-9]+/

rejon (rejon) wrote :

fixing?

rejon (rejon) wrote :

bassel, any comments on this one?

Changed in aikiframework:
milestone: 0.9.0 → 0.9.1
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related blueprints