[development] AJAX security issue
Konstantin Käfer
kkaefer at gmail.com
Tue May 8 08:32:36 UTC 2007
> The difference is that in AJAX (as most commonly used), if you type
> "aa",
> then all the users with names beginning with Aa will show up for
> you, then
> you do "Ab", and get a list, then "Ac", ...etc.
This is not the case here. While Drupal's regular nickname completion
behaves like that, the check for usernames doesn't show a list of
taken names but rather checks if a certain distinct name is already
taken.
Konstantin Käfer – http://kkaefer.com/
More information about the development
mailing list