#7671 closed defect (bug) (fixed)
Bypass required "name" field on user registration
Reported by: | DJPaul | Owned by: | djpaul |
---|---|---|---|
Milestone: | 3.0 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Registration | Keywords: | |
Cc: |
Description
Entering three spaces into the default "Name" profile field seems to be treated as valid, and allows the user registration go two through. I've tested this on Nouveau on a recent 3.0-trunk, so we need to check what's going on.
Attachments (1)
Change History (9)
#2
@
7 years ago
Can anyone think of any problems of running trim()
on all profile field values submitted during user registration?
#4
@
7 years ago
That would empty the value I guess but have we run that after or before validation of any description, obviously html 'required' see it as having a value so passes.
Why do we require this, I remember a lot of time spent on usernames but that was at least four years back so fuzzy memory.
BTW this is one of the fields that prompted my concern over lack of 'required' attr on xprofile required fields.
#5
@
7 years ago
Tested that change and it works for me, throws me back to the input with error message.
#6
@
7 years ago
- Milestone changed from Under Consideration to 3.0
Been trying to imagine a scenario where an input with - in our context - white space before and after would be valid, but can't so think trim
is a good way of dealing with values returned with just white space.
I would set as 'commit' but you may want further opinions.
I checked again and it does, maybe I misunderstood and checked username originally.
I've lost track of why we force the 'name' field as if empty we just display username, after all 'name' is the WP display name and not a required field really.
We'll have to add a regex check that the input isn't simply white space but as one or more characters.