Hi all !
On related [Bugtracker] ticket 796, we need to strengthen the login names choosen by users at their registration.
At this time, the NBC_UserAdvManager plugin can perform to set the case sensitivity of logins and exclude some forbidden characters (like '/\,;...). The first question is : Do we add these features in Piwigo's core ?
If yes, there are my purproses :
- About the case sensitivity, I think this must be settable by galleries admins (in config_local file or in #_config database table)
- About the treatment of special characters. I think the easiest way is to ban them altogether. The use of special characters in logins is still quite marginal and, in some cases, abnormal and can be dangerous.
Do you have any suggestions, opinions to the contrary?
Offline
May I suggest you to write to our recent translator mohammed to get his view... about characters.
Offline
As for your habit, you're right. The Arabic characters can cause problems to the characters exclusion.
I'll ask mohammed's point of view.
Offline
Eric wrote:
- About the case sensitivity, I think this must be settable by galleries admins (in config_local file or in #_config database table)
I think the default configuration must be "no case sensitivity".
Eric wrote:
- About the treatment of special characters. I think the easiest way is to ban them altogether. The use of special characters in logins is still quite marginal and, in some cases, abnormal and can be dangerous.
All special characters must be escaped (thanks to mysql_real_escape_string) and there's no use of no allowing them.
But if you really want that , you can add it in config with a special var (array for example) that contains all caracters to be excluded. Of course that array will be empty by default.
Offline
Hello Eric
Arabic language is not complicated
The number of Arabic characters 28 characters only
Eric wrote:
There are 2 ways to fix this issue :
- Escaping all special characters entrered. So they should be used like any other regular character.
- Ban all special characters for login name. In this case, using, i.e. / * ' ", or; should be forbidden.
Yes ..
Use the first way or second no problem with the Arabic language
/".,; These are not characters in the Arabic language is called in Arabic punctuation only
Thanks for the question
Last edited by mohammed (2009-11-13 09:00:33)
Offline
First, I'ld to thank Mohammed for his quick answer :-)
Second, I think I've found the way to resolve this (thanks nicolas). All characters will be escaped and correctly sent back on requests. And the case sensivity will be settable in config_local file (default will be set to "no case sensitive").
I've just to identify everywhere the non-escaped logins are displayed with slashes...
Offline
Eric wrote:
First, I'ld to thank Mohammed for his quick answer :-)
Second, I think I've found the way to resolve this (thanks nicolas). All characters will be escaped and correctly sent back on requests. And the case sensivity will be settable in config_local file (default will be set to "no case sensitive").
I've just to identify everywhere the non-escaped logins are displayed with slashes...
Thank God you found the right way
I am pleased that
Offline