mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-13 20:42:22 +02:00
Code Issues Projects Releases Wiki Activity

MDL-42993 auth: spaces removed from usernames by default only

Browse Source 
Functionality by default does not change with this patch.
However spaces are no longer stripped when cleaning usernames IF
$CFG->extendedusernamechars has been set.

Also included 2 trim statements where small issues were found with reading
external usernames in that  were not filtered for trailing whitespaces.
This commit is contained in:
zbdd 2014-08-29 02:19:37 +00:00 committed by Sam Hemelryk
parent a96e90e1c0
commit 77218e4a52
4 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
auth/ldap/auth.php
View File

@ -737,6 +737,7 @@ class auth_plugin_ldap extends auth_plugin_base {
do {
$value = ldap_get_values_len($ldapconnection, $entry, $this->config->user_attribute);
$value = core_text::convert($value[0], $this->config->ldapencoding, 'utf-8');
$value = trim($value);
$this->ldap_bulk_insert($value);
} while ($entry = ldap_next_entry($ldapconnection, $entry));
}

4
config-dist.php
View File

@ -139,6 +139,10 @@ $CFG->admin = 'admin';
// any existing key.
// $CFG->mnetkeylifetime = 28;
//
// Not recommended: Set the following to true to allow the use
// off non-Moodle standard characters in usernames.
// $CFG->extendedusernamechars = true;
//
// Allow user passwords to be included in backup files. Very dangerous
// setting as far as it publishes password hashes that can be unencrypted
// if the backup file is publicy available. Use it only if you can guarantee

3
lib/moodlelib.php
View File

@ -1171,10 +1171,11 @@ function clean_param($param, $type) {
case PARAM_USERNAME:
$param = fix_utf8($param);
$param = str_replace(" " , "", $param);
$param = trim($param);
// Convert uppercase to lowercase MDL-16919.
$param = core_text::strtolower($param);
if (empty($CFG->extendedusernamechars)) {
$param = str_replace(" " , "", $param);
// Regular expression, eliminate all chars EXCEPT:
// alphanum, dash (-), underscore (_), at sign (@) and period (.) characters.
$param = preg_replace('/[^-\.@_a-z0-9]/', '', $param);

5
lib/tests/moodlelib_test.php
View File

@ -656,6 +656,8 @@ class core_moodlelib_testcase extends advanced_testcase {
$this->assertSame('john@doe', clean_param('john@doe', PARAM_USERNAME));
$this->assertSame('johndoe', clean_param('john~doe', PARAM_USERNAME));
$this->assertSame('johndoe', clean_param('john´doe', PARAM_USERNAME));
$this->assertSame(clean_param('john# $%&()+_^', PARAM_USERNAME), 'john_');
$this->assertSame(clean_param(' john# $%&()+_^ ', PARAM_USERNAME), 'john_');
$this->assertSame(clean_param('john#$%&() ', PARAM_USERNAME), 'john');
$this->assertSame('johnd', clean_param('JOHNdóé ', PARAM_USERNAME));
$this->assertSame(clean_param('john.,:;-_/|\ñÑ[]A_X-,D {} ~!@#$%^&*()_+ ?><[] ščřžžý ?ýáž?žý??šdoe ', PARAM_USERNAME), 'john.-_a_x-d@_doe');
@ -664,7 +666,8 @@ class core_moodlelib_testcase extends advanced_testcase {
$CFG->extendedusernamechars = true;
$this->assertSame('john_doe', clean_param('john_doe', PARAM_USERNAME));
$this->assertSame('john@doe', clean_param('john@doe', PARAM_USERNAME));
$this->assertSame(clean_param('john# $%&()+_^', PARAM_USERNAME), 'john#$%&()+_^');
$this->assertSame(clean_param('john# $%&()+_^', PARAM_USERNAME), 'john# $%&()+_^');
$this->assertSame(clean_param(' john# $%&()+_^ ', PARAM_USERNAME), 'john# $%&()+_^');
$this->assertSame('john~doe', clean_param('john~doe', PARAM_USERNAME));
$this->assertSame('john´doe', clean_param('joHN´doe', PARAM_USERNAME));
$this->assertSame('johndoe', clean_param('johnDOE', PARAM_USERNAME));