<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="PersonName"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=white lang=EN-US link=blue vlink=blue>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> if (ereg("[^\x80-\xF7 [:alnum:]@_.-]",
$name)) return t('The username contains an illegal character.');</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>As I say, this is the core user.module so this is on every
drupal site out there. What does this line do and is it indeed coded poorly? In
an ideal world, I would like to allow ONLY a-z, 0-9 and hyphens and that's it!
I may even offer a project on the forum to rewrite this part of the module to
allow only those characters. It seems better than disallowing a whole raft of
other characters - to allow only a, b and c, so to speak.</span></font><o:p></o:p></p>
<div style='mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;
padding:0in 0in 1.0pt 0in'>
<p class=MsoNormal style='border:none;padding:0in'><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
</div>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Of course this is a posix regular
expression match. I think it was originally designed to filer out characters
Hex 81- hex F7, as well as @_.- and all numbers? Kinda weird, but I
think it’s broken. I made a test page with just this code, and no
matter what I passed, I couldn’t seem to get it to fire….. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I’d recommend taking this to the
devel list to find out if it’s a bug, or file an issue on drupal.org. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>If you find that you want to increase the
filtering on user.module, you ought to be able to write a module that uses
hook_form_alter to alter the way user names validation gets handled, rather
than hacking code. But given the existence of this regex code, I’d
be wanting to check this out with the drupal developers about what this code
intends to do….. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><br>
Dave<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
support-bounces@drupal.org [mailto:support-bounces@drupal.org] <b><span
style='font-weight:bold'>On Behalf Of </span></b>Neil: esl-lounge.com<br>
<b><span style='font-weight:bold'>Sent:</span></b> Wednesday, September 26,
2007 3:26 AM<br>
<b><span style='font-weight:bold'>To:</span></b> <st1:PersonName w:st="on">support@drupal.org</st1:PersonName><br>
<b><span style='font-weight:bold'>Subject:</span></b> [support] preventing
accented characters at registration</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I am looking to alter the main user module to prevent more
non-alphanumeric characters than drupal does by default. I added, as you can
see, a line to prevent underscores as we have a mash up with Mediawiki and
underscores cause a major headache. I did so by disallowing unicode character
005F which is a standard underscore, and I emphasise "standard" here:
there are about 3 other underscore characters!</span></font><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Is there a simple way of disallowing accented characters
which also throw a spanner in the mediawiki machinery? I suppose I could always
use the admin/access rules to do this. Maybe it's better than further hacking
core. I had little choice with underscore because underscore is for some reason
used as a wildcard character in access rules so I had to add it here:</span></font><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>/**<br>
* Verify the syntax of the given name.<br>
*/<br>
function user_validate_name($name) {<br>
if (!strlen($name)) return t('You must enter a username.');<br>
if (substr($name, 0, 1) == ' ') return t('The username cannot begin with
a space.');<br>
if (substr($name, -1) == ' ') return t('The username cannot end with a
space.');<br>
if (strpos($name, ' ') !== FALSE) return t('The username cannot
contain multiple spaces in a row.');<br>
if (ereg("[^\x80-\xF7 [:alnum:]@_.-]", $name)) return t('The
username contains an illegal character.');<br>
if
(preg_match('/[\x{80}-\x{A0}'.
// Non-printable ISO-8859-1 + NBSP<br>
'\x{AD}'.
// Soft-hyphen<br>
'\x{2000}-\x{200F}'. // Various space characters<br>
'\x{2028}-\x{202F}'. // Bidirectional text
overrides<br>
'\x{205F}-\x{206F}'. // Various text hinting
characters<br>
'\x{FEFF}'.
// Byte order mark<br>
'\x{005F}'.
// Underscore<br>
'\x{FF01}-\x{FF60}'. // Full-width latin<br>
'\x{FFF9}-\x{FFFD}'. // Replacement characters<br>
'\x{0}]/u',
// NULL byte<br>
$name)) {<br>
return t('The username contains an illegal character.');<br>
}<br>
if (strpos($name, <a href="mailto:'@'">'@'</a>) !== FALSE &&
!eregi(<a href="mailto:'@(%5b0-9a-z%5d(-?%5b0-9a-z%5d)*.)+%5ba-z%5d%7b2%7d(%5bzmuvtg%5d|fo|me)?$'">'@([0-9a-z](-?[0-9a-z])*.)+[a-z]{2}([zmuvtg]|fo|me)?$'</a>,
$name)) return t('The username is not a valid authentication ID.');<br>
if (strlen($name) > USERNAME_MAX_LENGTH) return t('The username %name
is too long: it must be %max characters or less.', array('%name' => $name,
'%max' => USERNAME_MAX_LENGTH));<br>
}</span></font><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I mentioned a similar problem to this on this mailing list a
few months ago and I had people coming back to me with ways in which the above
code was not done very well. Of particular interest was this line:</span></font><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> if (ereg("[^\x80-\xF7 [:alnum:]@_.-]",
$name)) return t('The username contains an illegal character.');</span></font><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>As I say, this is the core user.module so this is on every
drupal site out there. What does this line do and is it indeed coded poorly? In
an ideal world, I would like to allow ONLY a-z, 0-9 and hyphens and that's it!
I may even offer a project on the forum to rewrite this part of the module to
allow only those characters. It seems better than disallowing a whole raft of
other characters - to allow only a, b and c, so to speak.</span></font><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Mashing up drupal and mediawiki causes so many headaches
when it comes to allowable usernames and there's always that one tenth of a
percent who absolutely MUST HAVE their username as @@|||||||| - -
*_The__<<Big>>__Lebowski_||* - - |||||||||@@</span></font><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>if anyone puts that into mediawiki, our server will go up in
smoke.</span></font><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Neil</span></font><o:p></o:p></p>
</div>
</div>
</body>
</html>