Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Users with special characters in their login cannot be deleted + shows login encoded #10211

Open
tsteur opened this issue Jun 5, 2016 · 2 comments
Labels
Bug For errors / faults / flaws / inconsistencies etc.

Comments

@tsteur
Copy link
Member

tsteur commented Jun 5, 2016

To reproduce enable setting:

[General] disable_checks_usernames_attributes = 1

Then create user eg with login rwer<§$4ä"34&'34;34

I couldn't delete that user afterwards and also it's not displayed correctly in the UI:
image

Tested with latest Piwik 2.16.1

I presume fixing it might not be easy as we would need to check all places where the login is used re possible xss if we output the login via {{ login|raw }} instead of {{ login }} currently

@tsteur tsteur added the Bug For errors / faults / flaws / inconsistencies etc. label Jun 5, 2016
@mattab mattab added this to the Mid term milestone Jul 14, 2016
@sgiehl
Copy link
Member

sgiehl commented Sep 10, 2017

This issue does not fully exist anymore. While the login is still stored encoded in the database it is possible to remove it in 3.0.
We could try to use {{ login|rawSafeDecoded }} to fix the encoding in the UI, but imho the username shouldn't be stored encoded in the database.

@mattab
Copy link
Member

mattab commented Sep 18, 2017

@sgiehl maybe you could close this issue (if the two issues of deleting + displaying) are fixed?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug For errors / faults / flaws / inconsistencies etc.
Projects
None yet
Development

No branches or pull requests

3 participants