Users with special characters in their login cannot be deleted + shows login encoded #10211
Labels
Bug
For errors / faults / flaws / inconsistencies etc.
Milestone
To reproduce enable setting:
[General] disable_checks_usernames_attributes = 1
Then create user eg with login
rwer<§$4ä"34&'34;34
I couldn't delete that user afterwards and also it's not displayed correctly in the UI:
Tested with latest Piwik 2.16.1
I presume fixing it might not be easy as we would need to check all places where the login is used re possible xss if we output the login via
{{ login|raw }}
instead of{{ login }}
currentlyThe text was updated successfully, but these errors were encountered: