Author |
Topic |
tilttek
Junior Member
Canada
333 Posts |
|
MxTxL
Starting Member
28 Posts |
Posted - 01 July 2001 : 23:40:04
|
I don't know if it has been mentioned before, but someone recently made a user with a blank string for username. Can't tell if it's "" or " " or " ".... etc.
I thought this was the best place to bring it up as this is a somewhat related sort of bug.
|
|
|
redbrad0
Advanced Member
USA
3725 Posts |
Posted - 06 July 2001 : 18:25:58
|
ok i read all of this, and there are a couple different solutions, but no real answer. the title says "Bug+FIX" but can you please make it clear on what the fix is?
Brad |
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 06 July 2001 : 20:44:40
|
The only real way to fix it is to only allow certain characters.
I took +FIX out of the title since nothing has been decided on. |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 06 July 2001 : 21:26:11
|
Here goes,
Add this function to the end of inc_functions.asp:
Function IsValidString(sValidate)
    Dim sInvalidChars
    Dim bTemp
    Dim i
    ' Disallowed characters
    sInvalidChars = "!#$%^&*()=+{}[]|\;:/?>,<"
    If Len(sValidate) > Len(sInvalidChars) Then
        For i = 1 To Len(sInvalidChars)
            If InStr(sValidate, Mid(sInvalidChars, i, 1)) > 0 _
                Then bTemp = True
            If bTemp Then Exit For
        Next
    Else
        For i = 1 To Len(sValidate)
            If InStr(sInvalidChars, Mid(sValidate, i, 1)) > 0 _
                Then bTemp = True
            If bTemp Then Exit For
        Next
    End If
    ' extra checks
    ' no two consecutive dots or spaces
    if not bTemp then
        bTemp = InStr(sValidate, "..") > 0
    end if
    if not bTemp then
        bTemp = InStr(sValidate, "  ") > 0
    end if
    ' Addition for leading and trailing spaces
    if not bTemp then
        bTemp = (len(sValidate) <> len(Trim(sValidate)))
    end if
    ' if any of the above are true, invalid string
    IsValidString = Not bTemp
End Function
Now in register.asp, look for this code:
if (Instr(Request.Form("Name"), ">") > 0 ) or (Instr(Request.Form("Name"), "<") > 0) then
    Err_Msg = Err_Msg & "<li> > and < are not allowed in the UserName, Please Choose Another</li>"
end if
Change it to this:
if not IsValidString(Request.Form("Name")) then
    Err_Msg = Err_Msg & "<li> You may not use any of these chars in your username !#$%^&*()=+{}[]|\;:/?>,< </li>"
end if
You may want to adjust the invalid chars list, but as far as I can ascertain, the ones here are not valid in an email address.
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 07 July 2001 : 00:21:51
|
HuwR, I think you want to change your second to last line in your function from this: IsValidEmail = Not bTemp to this: IsValidString = Not bTemp
- David |
|
|
redbrad0
Advanced Member
USA
3725 Posts |
Posted - 07 July 2001 : 00:53:52
|
but what about all the alt commands? are those just going to be allowed?
i believe that instead of chars not allowed, it should be characters allowed.
Brad |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 07 July 2001 : 06:12:44
|
Thanks Davio.
Redbrad if you look at the disallowed chars, you will notice you can't construct an Alt command, since you can't use # or &
|
|
|
redbrad0
Advanced Member
USA
3725 Posts |
Posted - 07 July 2001 : 09:56:40
|
ok great thanks for answering that.
Brad |
|
|
bjlt
Senior Member
1144 Posts |
Posted - 07 July 2001 : 14:13:21
|
HuwR,
I think you missed ', which causes trouble in sql. also " (how to escape it in the code?) also space in the beginning and end, and single space.
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 07 July 2001 : 20:47:56
|
quote:
HuwR,
I think you missed ', which causes trouble in sql. also " (how to escape it in the code?) also space in the beginning and end, and single space.
The ' is a valid email character and is already dealt with in the code. To deal with leading and trailing spaces, just add this to the extra checks section:
if not bTemp then
    bTemp = (len(sValidate) <> len(Trim(sValidate)))
end if
I was not aware that a single space caused problems, and I'm sure Richard will be disappointed to hear he can no longer use his username.
|
|
|
bjlt
Senior Member
1144 Posts |
Posted - 07 July 2001 : 23:59:17
|
quote:
The ' is a valid email character and is already dealt with in the code. To deal with leading and trailing spaces, just add this to the extra checks section:
if not bTemp then
    bTemp = (len(sValidate) <> len(Trim(sValidate)))
end if
I was not aware that a single space caused problems, and I'm sure Richard will be disappointed to hear he can no longer use his username.
Sorry, I tried ' (single quote) in sr4 and got this:
Microsoft JET Database Engine error '80040e14'
string sytax error in query string 'M_NAME = ''''
and I think it's better to tell the user he can't use it.
or it's already dealt with in the new version? I just add it to the banned list.
Will " (double quote) cause any problem? If so, how can I add it? (escape a " within ", """?)
about the single space, I don't think it will cause any trouble as we disabled leading, ending and consecutive spaces. I meant user name as only a space. though it's not a big trouble to disable the name, I'd like to check it here.
btw, what's the asc code for . (period)?
I took Richard's approach to limit username to alphabetic and numeric only. a-z A-Z 0-9 - _ space, and I want to add "."
The reason I'd like to do this is that some of my users here use asian languages (AL) while others not, AL can't be read by others without a system supporting it. also, letters with accent will be displayed as strange asian characters in those systems if they don't adjust decoding, which is unlikely. To compromise, I add an alternative username field without these limitations. All will be happy I hope.
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 08 July 2001 : 01:01:22
|
The ASC code for a period is: 46 |
|
|
gor
Retired Admin
Netherlands
5511 Posts |
Posted - 25 July 2001 : 05:21:45
|
I added a check for ALT+0160 to the function Huw posted:
Function IsValidString(sValidate)
    Dim sInvalidChars
    Dim bTemp
    Dim i
    ' Disallowed characters
    sInvalidChars = "!#$%^&*()=+{}[]|\;:/?>,<"
    If Len(sValidate) > Len(sInvalidChars) Then
        For i = 1 To Len(sInvalidChars)
            If InStr(sValidate, Mid(sInvalidChars, i, 1)) > 0 _
                Then bTemp = True
            If bTemp Then Exit For
        Next
        ' ALT+0160 (non-breaking space)
        For i = 1 To Len(sValidate)
            If Asc(Mid(sValidate, i, 1)) = 160 _
                Then bTemp = True
            If bTemp Then Exit For
        Next
    Else
        For i = 1 To Len(sValidate)
            If InStr(sInvalidChars, Mid(sValidate, i, 1)) > 0 or (Asc(Mid(sValidate, i, 1)) = 160) _
                Then bTemp = True
            If bTemp Then Exit For
        Next
    End If
    ' extra checks
    ' no two consecutive dots or spaces
    if not bTemp then
        bTemp = InStr(sValidate, "..") > 0
    end if
    if not bTemp then
        bTemp = InStr(sValidate, "  ") > 0
    end if
    ' Addition for leading and trailing spaces
    if not bTemp then
        bTemp = (len(sValidate) <> len(Trim(sValidate)))
    end if
    ' if any of the above are true, invalid string
    IsValidString = Not bTemp
End Function
Pierre |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 25 July 2001 : 05:30:13
|
gor you need to add the check to both parts of the if then ... else
|
|
|
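The allow-list approach raised in the thread (only a-z, A-Z, 0-9, "-", "_", space and "."), combined with the thread's rules on blank names and doubled or leading/trailing spaces, as an added example that is not Snitz code or any poster's code. The function name IsAllowedUserName, the 3-25 length limits and the error message wording are assumptions.

```vbscript
' Added example (not Snitz code): allow-list counterpart to IsValidString.
' IsAllowedUserName and the 3-25 length limits are assumptions.
Function IsAllowedUserName(sName)
    Const sAllowed = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_ ."
    Dim s, i, sPrev, sChar

    IsAllowedUserName = False

    ' Coerce to a plain string: Null and Empty both become ""
    s = sName & ""

    ' Length bounds come first; this also rejects the blank username
    If Len(s) < 3 Or Len(s) > 25 Then Exit Function

    ' No leading or trailing space
    If Left(s, 1) = " " Or Right(s, 1) = " " Then Exit Function

    sPrev = ""
    For i = 1 To Len(s)
        sChar = Mid(s, i, 1)
        ' Binary compare: anything outside the list fails, including
        ' ' " < > & # and the non-breaking space Chr(160)
        If InStr(1, sAllowed, sChar, vbBinaryCompare) = 0 Then Exit Function
        ' No two consecutive dots or spaces
        If (sChar = "." Or sChar = " ") And sChar = sPrev Then Exit Function
        sPrev = sChar
    Next

    IsAllowedUserName = True
End Function

' Usage in register.asp, in place of the IsValidString call
If Not IsAllowedUserName(Request.Form("Name")) Then
    Err_Msg = Err_Msg & "<li>UserName may contain only letters, digits, - _ . and single spaces</li>"
End If
```

Because every character must appear in the list, new problem characters do not need to be added one at a time as they are discovered. The check does not replace escaping or parameterising the value in the M_NAME query.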