#201 users/edit-alias does not verify alias targets

v2.3.1
closed-fixed
nobody
None
9
2010-09-11
2010-07-09
Christian Boltz
No

Looks like users/edit-alias does not verify the alias targets (or the verification is broken) - it just accepted "foo" as alias target...

(2.3 has the same bug, therefore no regression and no reason to delay the 2.3.1 release ;-)

Discussion

  • This bug has a very interesting solution: It's fixed by adding $error = 0; before checking the alias targets.

    With $error uninitialized, $error += 1 is still === 0 - at least PHP thinks so...

    Lection learned: always initialize your variables!

    Fixed in the 2.3 branch (SVN r850).

    The not-so-good news is that some internals of edit-alias aren't too nice - for example, $goto[] can contain an element with empty string. I added a check for that in the 2.3 branch, but we should use a better solution (avoid empty elements in $goto) in trunk ;-)

     
  • Fixed in trunk (r862) also. Still with the "ugly" solution because it was simple to merge, but I at least added a TODO note to my local copy ;-)

     
    • status: open --> closed-fixed