Labels Milestones

Sanitizing Usernames to Prevent URL Encoding Exploits #1

Merged

videotoaster merged 3 commits from Danii/morsel:main into main 2 months ago

Conversation 0 Commits 3 Files Changed 2

Danii commented 3 months ago

If a post by a user of the name "../logout" is seen, the user is immediately logged out. Accessing the user page of a user by the name of "%20" is impossible. lol. This PR disallows the creation of usernames containing some dangerous characters, among them the octets (%).

If a post by a user of the name "../logout" is seen, the user is immediately logged out. Accessing the user page of a user by the name of "%20" is impossible. lol. This PR disallows the creation of usernames containing some dangerous characters, among them the octets (%).

Danii added 3 commits 3 months ago

6b99e3da2a Change Username Specification

77ebc330cb Restrict Username Specification to Disallow '%'

dc2c1be031 Disallow Registering with Reserved Characters

Danii changed title from WIP: Sanitizing Usernames to Prevent URL Encoding Exploits to Sanitizing Usernames to Prevent URL Encoding Exploits 3 months ago

videotoaster merged commit a58d9c5f06 into main 2 months ago

videotoaster referenced this issue from a commit 2 months ago

(courtesy of danii) username sanitization

The pull request has been merged as a58d9c5f06.

Sign in to join this conversation.

Reviewers

Request review

No reviewers

Labels

Apply labels

Clear labels

No items

No Label

Milestone

Set milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Assign users

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: videotoaster/morsel#1

Write Preview

Loading…

Cancel

Save

There is no content yet.