Commit 77218e4a authored by zbdd's avatar zbdd Committed by Sam Hemelryk
Browse files

MDL-42993 auth: spaces removed from usernames by default only

Functionality by default does not change with this patch.
However spaces are no longer stripped when cleaning usernames IF
$CFG->extendedusernamechars has been set.

Also included 2 trim statements where small issues were found with reading
external usernames in that  were not filtered for trailing whitespaces.
parent a96e90e1
......@@ -737,6 +737,7 @@ class auth_plugin_ldap extends auth_plugin_base {
do {
$value = ldap_get_values_len($ldapconnection, $entry, $this->config->user_attribute);
$value = core_text::convert($value[0], $this->config->ldapencoding, 'utf-8');
$value = trim($value);
$this->ldap_bulk_insert($value);
} while ($entry = ldap_next_entry($ldapconnection, $entry));
}
......
......@@ -139,6 +139,10 @@ $CFG->admin = 'admin';
// any existing key.
// $CFG->mnetkeylifetime = 28;
//
// Not recommended: Set the following to true to allow the use
// off non-Moodle standard characters in usernames.
// $CFG->extendedusernamechars = true;
//
// Allow user passwords to be included in backup files. Very dangerous
// setting as far as it publishes password hashes that can be unencrypted
// if the backup file is publicy available. Use it only if you can guarantee
......
......@@ -1171,10 +1171,11 @@ function clean_param($param, $type) {
case PARAM_USERNAME:
$param = fix_utf8($param);
$param = str_replace(" " , "", $param);
$param = trim($param);
// Convert uppercase to lowercase MDL-16919.
$param = core_text::strtolower($param);
if (empty($CFG->extendedusernamechars)) {
$param = str_replace(" " , "", $param);
// Regular expression, eliminate all chars EXCEPT:
// alphanum, dash (-), underscore (_), at sign (@) and period (.) characters.
$param = preg_replace('/[^-\.@_a-z0-9]/', '', $param);
......
......@@ -656,6 +656,8 @@ class core_moodlelib_testcase extends advanced_testcase {
$this->assertSame('john@doe', clean_param('john@doe', PARAM_USERNAME));
$this->assertSame('johndoe', clean_param('john~doe', PARAM_USERNAME));
$this->assertSame('johndoe', clean_param('john´doe', PARAM_USERNAME));
$this->assertSame(clean_param('john# $%&()+_^', PARAM_USERNAME), 'john_');
$this->assertSame(clean_param(' john# $%&()+_^ ', PARAM_USERNAME), 'john_');
$this->assertSame(clean_param('john#$%&() ', PARAM_USERNAME), 'john');
$this->assertSame('johnd', clean_param('JOHNdóé ', PARAM_USERNAME));
$this->assertSame(clean_param('john.,:;-_/|\ñÑ[]A_X-,D {} ~!@#$%^&*()_+ ?><[] ščřžžý ?ýáž?žý??šdoe ', PARAM_USERNAME), 'john.-_a_x-d@_doe');
......@@ -664,7 +666,8 @@ class core_moodlelib_testcase extends advanced_testcase {
$CFG->extendedusernamechars = true;
$this->assertSame('john_doe', clean_param('john_doe', PARAM_USERNAME));
$this->assertSame('john@doe', clean_param('john@doe', PARAM_USERNAME));
$this->assertSame(clean_param('john# $%&()+_^', PARAM_USERNAME), 'john#$%&()+_^');
$this->assertSame(clean_param('john# $%&()+_^', PARAM_USERNAME), 'john# $%&()+_^');
$this->assertSame(clean_param(' john# $%&()+_^ ', PARAM_USERNAME), 'john# $%&()+_^');
$this->assertSame('john~doe', clean_param('john~doe', PARAM_USERNAME));
$this->assertSame('john´doe', clean_param('joHN´doe', PARAM_USERNAME));
$this->assertSame('johndoe', clean_param('johnDOE', PARAM_USERNAME));
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment