Sanitizing Usernames to Prevent URL Encoding Exploits #1

Merged

videotoaster merged 3 commits from Danii/morsel:main into main 2023-01-10 08:48:17 -05:00

Conversation 0 Commits 3 Files Changed 2

Danii commented 2023-01-09 10:16:50 -05:00

If a post by a user of the name "../logout" is seen, the user is immediately logged out. Accessing the user page of a user by the name of "%20" is impossible. lol. This PR disallows the creation of usernames containing some dangerous characters, among them the octets (%).

If a post by a user of the name "../logout" is seen, the user is immediately logged out. Accessing the user page of a user by the name of "%20" is impossible. lol. This PR disallows the creation of usernames containing some dangerous characters, among them the octets (%).

Danii added 3 commits 2023-01-09 10:16:50 -05:00

6b99e3da2a Change Username Specification

77ebc330cb Restrict Username Specification to Disallow '%'

dc2c1be031 Disallow Registering with Reserved Characters

Danii changed title from WIP: Sanitizing Usernames to Prevent URL Encoding Exploits to Sanitizing Usernames to Prevent URL Encoding Exploits 2023-01-09 10:16:57 -05:00

videotoaster merged commit a58d9c5f06 into main 2023-01-10 08:48:17 -05:00

videotoaster referenced this issue from a commit 2023-01-10 08:48:17 -05:00

(courtesy of danii) username sanitization

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: videotoaster/morsel#1

There is no content yet.