[development] AJAX security issue

Konstantin Käfer kkaefer at gmail.com
Tue May 8 08:32:36 UTC 2007

> The difference is that in AJAX (as most commonly used), if you type  
> "aa",
> then all the users with names beginning with Aa will show up for  
> you, then
> you do "Ab", and get a list, then "Ac", ...etc.

This is not the case here. While Drupal's regular nickname completion  
behaves like that, the check for usernames doesn't show a list of  
taken names but rather checks if a certain distinct name is already  

Konstantin Käfer – http://kkaefer.com/

More information about the development mailing list