Topic: Possible Bug

Synopsis: Changing form values and lengths users can have usernames of extremly long lengths.

Files involved: register.php

Patch:

#OPEN#
register.php

#FIND#
if (strlen($username) < 2)
   message($lang_prof_reg['Username too short']);

#ADD AFTER#
else if (strlen($username) > 25)
    message($lang_prof_reg['Username too long']);




#OPEN#
en_prof_reg.php(will vary based on language)

#FIND#
'Username too short'        =>    'Usernames must be at least 2 characters long. Please choose another (longer) username.',

#ADD AFTER#
'Username too long'        =>    'Usernames may not be over 25 characters long. Please choose another (shorter) username.',


Enjoy.

I enjoy pie :)

Re: Possible Bug

You can't enter usernames longer than 25 signs when you're registering to the forum :)

Re: Possible Bug

Yes you can if you change the forms of the page or edit your POSTs you can create nicknames as long as you want wink

I enjoy pie :)

Re: Possible Bug

Nope, not longer than 200 chars right? :P

Re: Possible Bug

Hmm, thats weird. I must have removed it. I'm sure the check was there earlier :-)

Oh well, thanks again Mediator :D

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: Possible Bug

Since adding a custom error message (as shown above) will require editing of all language packs I will just output a "Bad request" error message if the username is too long. The only way to try to set a username longer than 25 characters is by posting a form from an external page, so this won't be a problem.

Edit: I forgot. The check should be done with pun_strlen() to support HTML numeric character references (i.e. &#169;).

"Programming is like sex: one mistake and you have to support it for the rest of your life."