Item13839: UserMapping: validateRegistrationField is too strict on usernames - unable to add users containing underscore.
Priority: Urgent
Current State: Closed
Released In: 2.0.3
Target Release: patch
Applies To: Engine
Component: UserMapping
Branches: master
Foswiki::UserMapping::validateRegistrationField recently (distro:1f82ab0c) became stricter about validating registration fields, passing most of them through Foswiki::entityEncode. Unfortunately, entityEncode encodes quite a few more characters than the ones that are problematic in terms of content validation, such as special characters from TML. One candidate that sticks out is the underscore (_). This turns any attempt to use the username foo_bar into foo&95;bar.
This affects not only registrations but also, for example, adding users to groups. The code in Foswiki::UI::Register::addUserToGroup filters each entry through the validation function, so that an attempt to add foo_bar to a group actually adds foo&95;bar which is nonsense.
The existing code in validateRegistrationField already has a special case for user names, matching them against {LoginNameFilterIn}. This is probably sufficient and the function should return the value as-is if this check passes.
--
JanKrueger - 04 Nov 2015
Patch to try:
diff --git a/core/lib/Foswiki/UserMapping.pm b/core/lib/Foswiki/UserMapping.pm
index fe49884..6c8803e 100644
--- a/core/lib/Foswiki/UserMapping.pm
+++ b/core/lib/Foswiki/UserMapping.pm
@@ -566,11 +566,15 @@ sub validateRegistrationField {
return $_[2] if ( lc( $_[1] ) eq 'loginname' );
- if ( ( lc( $_[1] ) eq 'username' )
- && length( $_[2] )
- && !( $_[2] =~ m/$Foswiki::cfg{LoginNameFilterIn}/ ) )
- {
- throw Error::Simple( Foswiki::entityEncode("Invalid $_[1]") );
+ if ( lc( $_[1] ) eq 'username' ) {
+ if ( length( $_[2] )
+ && !( $_[2] =~ m/$Foswiki::cfg{LoginNameFilterIn}/ ) )
+ {
+ throw Error::Simple( Foswiki::entityEncode("Invalid $_[1]") );
+ }
+ else {
+ return $_[2];
+ }
}
# Don't check contents of password - it's never displayed.
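Review bot: The new else branch (return $_[2];) returns the username with no encoding, so its safety now rests entirely on the match m/$Foswiki::cfg{LoginNameFilterIn}/, which is only as strict as the configured pattern: if a site's pattern is unanchored or admits markup characters, such a value is returned as-is. A comment above the branch stating that usernames are deliberately not passed through entityEncode, and that the filter is expected to be anchored and to exclude characters unsafe for display, would make that dependency explicit. The else branch is also taken when length( $_[2] ) is zero, so an empty username is returned without being matched against the filter; if that is intended, the same comment should say so. Since the throw leaves the sub, the else wrapper could be dropped in favour of a plain return $_[2]; after the inner if.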
--
GeorgeClark - 04 Nov 2015