A user registered with an apostrophe ' in their username (e.g. "Tes't") will not be able to use some features of TikiWiki.
For example:
They will be able to select a forum, but after that, all that is displayed is the name of the forum, the "new topic" and "list forum" buttons (depending on permissions, of course), and the breadcrumb forum-navigation. The rest of the page (tiki-view_forum.php?forumid=X) is blank, no header/footer or any menus are displayed.
This is dependent on the rights/permissions of the user in question; SubAdmins and Admins will see the full, expected forum page, regardless of apostrophes in their name (at least with my config, YMMV).
Another problem exists in regards to all JavaScript that uses the name of the user, for example the "tiki-my_tiki.php" page of the user, where JavaScript is used to expand Tabs (e.g. clicking "My Infos" will not work). This is due to JS using ' as string delimiters, and not escaping any ' within the user's name.
It may be that the sole cause of all the problems lies within the JS string delimiter, but I'm no expert on the workings of TikiWiki, and the forum page breaks rather spectacularly when compared to the user profile page, which just doesn't work as expected.
Not sure. Easiest, but also most draconic, would be to disallow users from having apostrophes within their name.
Another option would be to use an escaping mechanism for the usernames (such as htmlentities() or adding \ before ') at the appropriate places (JavaScript, etc.).
--
This seems to be fixed in trunk. If anyone can reproduce this with Tiki 5 or later, please say so and feel free to reopen.
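The failure mode from the report and a context-aware encoding for it, as an added example that is not part of the original report or of Tiki's code. The function names and sample usernames are hypothetical and constructed for illustration.

```javascript
// Added example: names and sample data are constructed, not taken from Tiki.

// What the report describes: the username is pasted between ' delimiters as-is.
function naiveJsString(name) {
  return "'" + name + "'";
}

// Encoding for a value placed inside an inline <script> block.
// JSON.stringify escapes quotes, backslashes and control characters.
// The extra replacements keep the HTML parser from ever seeing "<", ">" or "&"
// (so the name cannot close the script element), and cover U+2028/U+2029,
// which older JS engines treat as line terminators inside string literals.
function safeJsString(name) {
  return JSON.stringify(String(name))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Parse and evaluate a generated literal the way the script body would be parsed.
function evalGenerated(literal) {
  try {
    return { ok: true, value: new Function("return " + literal + ";")() };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed usernames: a plain one, the one from the report, and two edge cases.
const sampleNames = ["Tester", "Tes't", "O'Brien \\ Co", "a</script>b"];

function compare(names) {
  return names.map((name) => ({
    name,
    naive: evalGenerated(naiveJsString(name)),
    safe: evalGenerated(safeJsString(name)),
  }));
}

for (const row of compare(sampleNames)) {
  console.log(JSON.stringify(row));
}
```

Inside a `<script>` block HTML entities are not decoded, so output from htmlentities() would appear literally in the string; the encoding has to match the JavaScript string context the name is written into.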