#8379 closed (fixed)
'change user' admin form doesn't validate username
Reported by: | Mirrorball | Owned by: | Ivan Giuliani |
---|---|---|---|
Component: | contrib.auth | Version: | 1.0-beta |
Severity: | Keywords: | ||
Cc: | Triage Stage: | Accepted | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The form for changing a user in the admin interface doesn't validate the username. Any character may be entered.
Attachments (1)
Change History (10)
comment:1 by , 16 years ago
comment:2 by , 16 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
Do you mean that there is no javascript validation? There shouldn't be any in javascript. Closed as invalid because there isn't enough information. Please re-open if it's a bug, with a way to repeat.
comment:3 by , 16 years ago
Resolution: | invalid |
---|---|
Status: | closed → reopened |
No, there's no backend validation. You can enter invalid characters for the username field (for instance, "Mirrorball ") and it's going to be saved even though it doesn't validate.
comment:4 by , 16 years ago
My invalid characters were deleted when I sent the above message with an instance of invalid username, but any will do. "Mirrorball at at", for instance.
comment:5 by , 16 years ago
Owner: | changed from | to
---|---|
Status: | reopened → new |
Triage Stage: | Unreviewed → Accepted |
comment:6 by , 16 years ago
Owner: | changed from | to
---|
by , 16 years ago
Attachment: | r8520-validate-username.patch added |
---|
comment:7 by , 16 years ago
The above patch should fix the issue. Anyway my first thought has been that this kind of validation should be made at model-level (whenever it lands) so we can allow someone that is using some custom backend or that is inheriting the User class to specify what kind of characters are allowed in these fields. But of course this is a post-1.0 thing...
comment:8 by , 16 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
The details provided are vague. Can you give us more details regarding your 'expectations' and the 'result'? This will help in fixing the problem (if any).