Opened 16 years ago

Closed 16 years ago

Last modified 13 years ago

#8379 closed (fixed)

'change user' admin form doesn't validate username

Reported by: Mirrorball Owned by: Ivan Giuliani
Component: contrib.auth Version: 1.0-beta
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The form for changing a user in the admin interface doesn't validate the username. Any character may be entered.

Attachments (1)

r8520-validate-username.patch (1.9 KB ) - added by Ivan Giuliani 16 years ago.

Download all attachments as: .zip

Change History (10)

comment:1 by Thejaswi Puthraya, 16 years ago

The details provided are vague. Can you give us more details regarding your 'expectations' and the 'result'? This will help in fixing the problem (if any).

comment:2 by Eric Holscher, 16 years ago

Resolution: invalid
Status: newclosed

Do you mean that there is no javascript validation? There shouldn't be any in javascript. Closed as invalid because there isn't enough information. Please re-open if it's a bug, with a way to repeat.

comment:3 by Mirrorball, 16 years ago

Resolution: invalid
Status: closedreopened

No, there's no backend validation. You can enter invalid characters for the username field (for instance, "Mirrorball ") and it's going to be saved even though it doesn't validate.

comment:4 by Mirrorball, 16 years ago

My invalid characters were deleted when I sent the above message with an instance of invalid username, but any will do. "Mirrorball at at", for instance.

comment:5 by Brian Rosner, 16 years ago

Owner: changed from nobody to Brian Rosner
Status: reopenednew
Triage Stage: UnreviewedAccepted

comment:6 by Ivan Giuliani, 16 years ago

Owner: changed from Brian Rosner to Ivan Giuliani

by Ivan Giuliani, 16 years ago

comment:7 by Ivan Giuliani, 16 years ago

The above patch should fix the issue. Anyway my first thought has been that this kind of validation should be made at model-level (whenever it lands) so we can allow someone that is using some custom backend or that is inheriting the User class to specify what kind of characters are allowed in these fields. But of course this is a post-1.0 thing...

comment:8 by Jacob, 16 years ago

Resolution: fixed
Status: newclosed

(In [8544]) Fixed #8379: the admin user change form now properly validates the username. Thanks, kratorius.

comment:9 by Jacob, 13 years ago

milestone: 1.0

Milestone 1.0 deleted

Note: See TracTickets for help on using tickets.
Back to Top