#354 mod users change request
With mod users, individual users and groups are to define. Permissions may assigned to both. And very powerfull, groups may contain groups. So far, that equal matters pWS 0.x.x and 1.0.0
There are now restrictions about naming users and groups. While users have names of preg \w, defined in users config as constant, group names tested in class group with preg \w\s.
My request is, to extent - to allow - group names also may contain special characters @ (at), . (dot) and % (percent). The underscore just meets with /w.
Why this?
First, why not special characters in a group name? Modules may interpret the occurrence of such special characters for some generic behaviour. Second, group names may be structured, like with a dot, to have some "speaking" values.
What against special characters? One serious aspect often discussed is sql injection. That is the reason why some characters (like ;) is seen as acid in the content. But the mentioned characters @.% will not impact. Of course, percent is joker for the sql like clause, but underscore is also (and allowed by \w) and matters only the like clause. And the At character often is found in databases because its essential with email addresses.
Conclusion: To have the possibility in pWS to use groups with assigned members and to have permissions associated, is a powerful function, saving so much work in the own implementation of some security features.
This logic may be powered up by granting group names a bit less restrictive, as suggested above.
To have an impression about the request, read http://dcp.dc4db.net/index.php?module=dcpublisher&DCP_OP=showDoc&DCP_DOC=authorsGuide04.us#a5004
BTW, I only speak about group names, not about user names.
Regards
Hilmar
Logged In: YES
user_id=957487
Originator: YES
Suggestion:
Without to run in danger to have overcustomization, I would be happy if a define directive in core/config.php would contain the preg string about valid group names, that defaults to the current behavior, but easy becomes changeable. Being an convinced enemy of any hack, I think, anybody knowing what doing may alter such preg pattern at a right place to gain rich functional extensions.
Hilmar