User names can't contain "_" (underscore)

This is the place to discuss bugs that have been found in the most recent version of PivotX. Posting bugs will ensure that the Development Team is aware of them and that they will be addressed when resources are available.

Post by fms » Mon Dec 28, 2009 9:00 am

Hi. I started using PivotX just recently. This is really cool, and I'm looking forward to heavily using it from now on.

When creating a new user from "Administration->Users", the Username field replaces "_" (underscore) with "-" (hyphen) upon input, even though the field description says usernames can contain underscores.

I found the cause of that behavior in setSafename() in pivotx/includes/js/pivotx.js, but I also noticed that the server-side counterpart of this function is not available. User names are validated using safe_string() in pivotx/lib.php, which passes "-" (hyphen). Because username restrictions are a little more strict than a normal safe string, wouldn't it be better to have a separate criteria and validation logic for a user name?

I'm attaching below a patch for the above two changes for your reference for svn release 2278.

fumifumi@abacustech.jp

diff -a -u -w -r trunk-2278-20091228.orig/pivotx/forms.php trunk-2278-20091228/pivotx/forms.php
--- trunk-2278-20091228.orig/pivotx/forms.php   2009-12-28 17:03:29.000000000 +0900
+++ trunk-2278-20091228/pivotx/forms.php   2009-12-28 17:07:58.000000000 +0900
@@ -398,7 +398,7 @@
         'size' => 20,
         'isrequired' => 1,
         'text' => makeJtip(__('Username'), __('Usernames can only contain lowercase alphanumeric characters (a-z, 0-9) and underscores (_).')),
-        'validation' => 'string|minlen=2|maxlen=20|safestring'
+        'validation' => 'string|minlen=2|maxlen=20|safeusername'
     ));
 
     $form->add( array(
@@ -742,7 +742,7 @@
             'error' => __('That\'s not a proper username!'),
             'size' => 20,
             'text' => makeJtip(__('Username'), __('Usernames can only contain lowercase alphanumeric characters (a-z, 0-9) and underscores (_).')),
-            'validation' => 'string|minlen=2|maxlen=20|safestring',
+            'validation' => 'string|minlen=2|maxlen=20|safeusername',
             'extra' => "onKeyUp=\"setSafename('username','username');\" onChange=\"setSafename('username','username');\""
         ));
 
diff -a -u -w -r trunk-2278-20091228.orig/pivotx/includes/js/pivotx.js trunk-2278-20091228/pivotx/includes/js/pivotx.js
--- trunk-2278-20091228.orig/pivotx/includes/js/pivotx.js   2009-12-28 17:03:25.000000000 +0900
+++ trunk-2278-20091228/pivotx/includes/js/pivotx.js   2009-12-28 17:07:58.000000000 +0900
@@ -755,8 +755,8 @@
     str = str.toLowerCase();
         
     str = str.replace(/^\s*/, '').replace(/\s*$/, '');
-    str = str.replace(/[ _]/g, "-");
-    str = str.replace(/[^a-z0-9-]/g, "");
+    str = str.replace(/ /g, "_");
+    str = str.replace(/[^a-z0-9_]/g, "");
     str = str.replace(/-+/g, "-");
     
     $('#'+to).val( str );
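Review bot: the unchanged line `str = str.replace(/-+/g, "-");` directly after the two changed lines is now dead code, because the new `/[^a-z0-9_]/g` replacement has already removed every hyphen by the time it runs. If the intent is still to collapse runs of the separator, it should target underscores instead (`/_+/g` replaced by "_"); otherwise drop the line. Since this function only tidies the field in the browser, the character set here should be kept identical to whatever the server-side check accepts, which is the check that actually enforces the rule.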
diff -a -u -w -r trunk-2278-20091228.orig/pivotx/lib.php trunk-2278-20091228/pivotx/lib.php
--- trunk-2278-20091228.orig/pivotx/lib.php   2009-12-28 17:03:29.000000000 +0900
+++ trunk-2278-20091228/pivotx/lib.php   2009-12-28 17:07:59.000000000 +0900
@@ -4231,6 +4231,20 @@
 }
 
 
+/**
+ * Returns if a given user name is safe or not - basically only lowercase US-ASCII,
+ * numbers and underscore as implemented in setSafename() in pivotx/includes/js/pivotx.js.
+ * safe_string() allows "-" which is not allowed in a safe user name.
+ * December 28, 2009 - fumifumi@abacustech.jp Fumiyuki Shimizu
+ *
+ * @param string $str
+ */
+function is_safe_username($str) {
+
+    return $str == safe_string(preg_replace("[-\\s]", "", $str),true,"");
+}
+
+
 
 /**
  * Modify a string, so that we can use it for URI's. Like
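Review bot: in is_safe_username(), the pattern passed to preg_replace() has no delimiters, so PHP treats the square brackets in "[-\\s]" as bracket-style delimiters and the regex becomes `-\s` (a hyphen followed by one whitespace character) rather than the intended character class. A name such as a-b is therefore passed to safe_string() with its hyphen intact, and if safe_string() returns it unchanged, as the docblock's remark that it allows "-" implies, the comparison is true and the hyphenated name is accepted. Write the pattern as "/[-\\s]/", or test the allowed set directly with something like preg_match('/^[a-z0-9_]+\z/', $str) so the result does not depend on safe_string()'s behaviour. The docblock also lacks an @return line, and the loose `==` would be better as `===`.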
diff -a -u -w -r trunk-2278-20091228.orig/pivotx/modules/formclass.php trunk-2278-20091228/pivotx/modules/formclass.php
--- trunk-2278-20091228.orig/pivotx/modules/formclass.php   2009-12-28 17:03:29.000000000 +0900
+++ trunk-2278-20091228/pivotx/modules/formclass.php   2009-12-28 17:07:59.000000000 +0900
@@ -955,6 +955,9 @@
             case "safestring":
                 return ($value == safe_string($value, true));
 
+            case "safeusername":
+                return is_safe_username($value);
+
 
             case 'datetime':
                  return preg_match('/([0-9]{4}-[0-9]{2}-[0-9]{2}\s[0-9]{2}:[0-9]{2}:[0-9]{2})/', $value);