#2626 New user with space in username is not editable

v4.2.1
closed-fixed
None
5
2009-10-24
2009-07-01
No

One of my new users managed to register to request a login with a leading space in her username. I don't know whether any special steps were involved getting into this state, but here's what I saw from Admin:

1. In the User List, her username, first and last name, date registered, etc. showed up. "User verified himself" showed "Yes".
2. But when I clicked "Edit", only her username was filled in -- first and last name, email address, "User verified himself" checkbox, etc. were all blank/unchecked.
3. I filled in the first and last name, GEDCOM INDI, email, etc., and clicked User Approved by Admin, and clicked "Update User Account", and the same page refreshed with all the data blank again... none of my changes were applied, apparently.

I couldn't find any way to approve the user through the web. I then looked at the row in the pgv_users table, and I noticed that u_username=' xyzzy' (note the leading space before "xyzzy"). When I did a SQL UPDATE to set u_username='xyzzy' (no leading space), then I was able to approve the user through the web.

Discussion

  • Greg Roach

    Greg Roach - 2009-07-01

    login_register.php needs to validate its input using the safe_XXX() functions. This will ensure that its parameters are trimmed, the same as login.php, user_admin.php, etc.

     
  • Greg Roach

    Greg Roach - 2009-07-15
    • assigned_to: nobody --> fisharebest
    • status: open --> pending-fixed
     
  • Greg Roach

    Greg Roach - 2009-07-15

    Fixed in SVN

     
  • SourceForge Robot

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 100 days (the time period specified by
    the administrator of this Tracker).

     
  • SourceForge Robot

    • status: pending-fixed --> closed-fixed
     

Log in to post a comment.