#1 2014-06-29 23:39:37

benhup
Member
Netherlands
2014-06-25
31

UserAdvManager doesn't handle " and ' characters ok...

Hello,

The UserAdvManager is unable to handle ", \ and ' in a correct manner.

How to reproduce?

In UserAdvManager, in the Configuration tab you can select:
"Restrictions for configurations".
Here you see the setting "Usernames: Exclusion of characters".
Enable Banning characters: (Use a comma to separate each character).

Problem 1:
In the field after "Enable Banning characters: (Use a comma to separate each character).", enter:

a,b,c,",d,e,f,g,h

Now click Submit Settings; this will result in:

a,b,c,\

Some input checking isn't done right!

Problem 2:
To worsen problem 1, try:

a,b,c,",',\,|,<,>,.,/,?

This will result in even the admin page being affected! The following is suddenly displayed outside the input field (see attached image too):

,.,/,?" size="20" style="text-align: center;"/>

Problem 3:
In the field after "Enable Banning characters: (Use a comma to separate each character).", enter:

\,'

Click Submit Settings. This will result in:

\\,\'

Click Submit settings again; this will result in:

\\\\,\\\'

And so on....
Looks like a bug to me...

Piwigo version: 2.6.3
UserAdvManager: 2.60.2

Best regards,
Ben

Last edited by benhup (2014-06-29 23:40:20)


#2 2014-06-29 23:45:43

benhup
Member
Netherlands
2014-06-25
31

Re: UserAdvManager doesn't handle " and ' characters ok...

By the way, when this code is patched, maybe the creator could also change one of the texts.

I mean the texts in:
"Confirmations and registration:" > "Customize the messages and mails" > "Customizing the confirmation email:" :

The following English is much better IMHO:

Hello [username]! Thank you for your registration on [mygallery].

To complete the process and be able to browse through the photo gallery, please confirm your registration by clicking on the link in this message.

The original now is (and doesn't sound all that great):

Hello [username]! Thank you to have register on [mygallery].

To complete the process and be able to browse through the pictures, thank you kindly confirm your registration by clicking on the link in this message.

But let's see the big picture: great plugin!

Best regards,
Ben

Last edited by benhup (2014-06-29 23:46:08)


#3 2014-06-29 23:49:51

benhup
Member
Netherlands
2014-06-25
31

Re: UserAdvManager doesn't handle " and ' characters ok...

One more question:

I see that ", ' and \ are allowed to be used in a username...

Apart from looking at this plugin.... A user able to use ", ' and \ in a username...
IMHO this should be prevented at all times.

But this is one for the Piwigo core developers to look at....


#4 2014-06-30 01:40:44

benhup
Member
Netherlands
2014-06-25
31

Re: UserAdvManager doesn't handle " and ' characters ok...

Even getting a preg_match error in the admin panel when trying to use " and \ ...

Warning: preg_match(): Unknown modifier '/' in /piwigo/plugins/UserAdvManager/include/functions.inc.php on line 2616
Warning: preg_match(): Unknown modifier '/' in /piwigo/plugins/UserAdvManager/include/functions.inc.php on line 2616
Warning: preg_match(): Unknown modifier '/' in /piwigo/plugins/UserAdvManager/include/functions.inc.php on line 2616


#5 2014-06-30 01:48:51

benhup
Member
Netherlands
2014-06-25
31

Re: UserAdvManager doesn't handle " and ' characters ok...

When registering a new user using a space, I get new errors:

Warning: preg_match(): Unknown modifier '>' in /piwigo/plugins/UserAdvManager/include/functions.inc.php on line 2616

When completely conforming with the username rules, I still get an error:

Warning: preg_match(): Unknown modifier '>' in /piwigo/plugins/UserAdvManager/include/functions.inc.php on line 2616
Warning: preg_match(): Unknown modifier '/' in /piwigo/plugins/UserAdvManager/include/functions.inc.php on line 2616

So / and > give problems too.

Last edited by benhup (2014-06-30 01:50:16)
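
One way to handle the banned-characters setting so that the inputs from posts #1, #4 and #5 neither break out of the form field nor break the regular expression; this is an added example, not part of the thread and not UserAdvManager's own code. The value is HTML-encoded when written into the attribute, and each entry is passed through preg_quote() with the delimiter before it reaches preg_match(). Assumptions: the function names and the `banned_chars` field name are hypothetical, and PHP 7.4 or later is used.

```php
<?php
// Added example; not UserAdvManager's code. Function and field names are hypothetical.

// Split the comma-separated setting into unique, non-empty entries.
function parse_banned_chars(string $raw): array
{
    $items = array_filter(explode(',', $raw), fn(string $c): bool => $c !== '');
    return array_values(array_unique($items));
}

// Render the setting back into the admin form. htmlspecialchars() with ENT_QUOTES
// encodes ", ', < and >, so the value cannot close the attribute or the tag.
function render_banned_chars_input(string $raw): string
{
    $value = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="banned_chars" value="' . $value
         . '" size="20" style="text-align: center;"/>';
}

// Check a username against the banned entries. preg_quote() with the delimiter
// as second argument escapes regex metacharacters and '/', so no entry can end
// the pattern early and be parsed as a modifier.
function username_has_banned_char(string $username, array $chars): bool
{
    if ($chars === []) {
        return false; // nothing banned; an empty pattern would match everything
    }
    $alternatives = array_map(fn(string $c): string => preg_quote($c, '/'), $chars);
    $pattern = '/' . implode('|', $alternatives) . '/';
    // preg_match() returns false on error: fail closed and reject the name.
    return preg_match($pattern, $username) !== 0;
}

// Constructed demo using the input from Problem 2 of post #1.
$raw   = 'a,b,c,",\',\\,|,<,>,.,/,?';
$chars = parse_banned_chars($raw);

echo render_banned_chars_input($raw), PHP_EOL;

// The encoded attribute decodes back to the exact input, so the browser
// submits the same characters that were rendered into the field.
var_dump(htmlspecialchars_decode(htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'), ENT_QUOTES) === $raw);

foreach (['john', 'jo/hn', 'jo>hn', 'jo"hn', 'jo\\hn'] as $name) {
    printf("%-6s banned=%s\n", $name, var_export(username_has_banned_char($name, $chars), true));
}
```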
