The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Registration
#1
Hi,

I'm currently testing the registration form and the Username requires "No Spaces or Special Characters - Min 5 characters", but there is no check for spaces or special chars. Thus I included an new rule in "join.php", i.e.
Code:
'no_special_char' => true,
And in "Validate.php" I then added:
<pre>
Code:
case 'no_special_char':
    if (!ctype_alnum($value)) {
       $this->addError(["{$display} must not contain special characters or spaces.",$item]);
    }
    break;
</pre>


Further, I found that it is not possible to use passwords containing some special chars, e.g. mypassword§${3bc1fe685386cc4c3ab89a3f76566d8931e181ad17f08aed9ad73b30bf28114d}, the validation says "Password and Confirm must match". Thus I found in "Validate.php" that the "$value" is sanitized, which is essentially the "htmlentities" check in "helpers.php". But, for the "match" case "$source[$rule_value]" is not sanitized. Thus I simply applied the sanitize function to "$source[$rule_value]" and everything works fine.

Cheers,
Sebastian
  Reply
#2
Great catch! We can fix that. That is a holdover from an old version that never got updated.
  Reply
#3
Instead of using sanitize just add the same validation for updating the password. Of course I suppose you could change it to allow special characters. I'll wind up doing that since it's ridiculous to restrict people from using them.
  Reply
#4
Yep. That's a legacy thing from UserCake. I agree. I also don't see why usernames need to be 5 or 6 characters. That will get changed. Obviously all that stuff is user changeable for a reason.
  Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)