Commit 77218e4a authored by zbdd's avatar zbdd Committed by Sam Hemelryk

MDL-42993 auth: spaces removed from usernames by default only

Functionality by default does not change with this patch.
However spaces are no longer stripped when cleaning usernames IF
$CFG->extendedusernamechars has been set.

Also included 2 trim statements where small issues were found with reading
in external usernames that were not filtered for trailing whitespace.
parent a96e90e1
...@@ -737,6 +737,7 @@ class auth_plugin_ldap extends auth_plugin_base { ...@@ -737,6 +737,7 @@ class auth_plugin_ldap extends auth_plugin_base {
do { do {
$value = ldap_get_values_len($ldapconnection, $entry, $this->config->user_attribute); $value = ldap_get_values_len($ldapconnection, $entry, $this->config->user_attribute);
$value = core_text::convert($value[0], $this->config->ldapencoding, 'utf-8'); $value = core_text::convert($value[0], $this->config->ldapencoding, 'utf-8');
$value = trim($value);
$this->ldap_bulk_insert($value); $this->ldap_bulk_insert($value);
} while ($entry = ldap_next_entry($ldapconnection, $entry)); } while ($entry = ldap_next_entry($ldapconnection, $entry));
} }
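Review bot: After the added `$value = trim($value);` an attribute value that is empty or whitespace-only becomes `''` and is still handed to `ldap_bulk_insert()`; a guard such as `if ($value === '') { continue; }` before the insert would keep blank usernames out of the sync set. `trim()` with its default character list strips ASCII whitespace only, so a trailing non-breaking space coming from the directory would survive it. What `ldap_bulk_insert()` does with an empty value is not visible here, and the function enclosing this loop starts and ends outside the hunk.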
......
...@@ -139,6 +139,10 @@ $CFG->admin = 'admin'; ...@@ -139,6 +139,10 @@ $CFG->admin = 'admin';
// any existing key. // any existing key.
// $CFG->mnetkeylifetime = 28; // $CFG->mnetkeylifetime = 28;
// //
// Not recommended: Set the following to true to allow the use
// off non-Moodle standard characters in usernames.
// $CFG->extendedusernamechars = true;
//
// Allow user passwords to be included in backup files. Very dangerous // Allow user passwords to be included in backup files. Very dangerous
// setting as far as it publishes password hashes that can be unencrypted // setting as far as it publishes password hashes that can be unencrypted
// if the backup file is publicy available. Use it only if you can guarantee // if the backup file is publicy available. Use it only if you can guarantee
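Review bot: The added comment marks `$CFG->extendedusernamechars` as not recommended without saying why, and "off" should read "of". An administrator needs to know what validation is switched off, so spell out the effect, for example `// Not recommended: allows characters outside a-z, 0-9, dash, underscore, at sign and period, including spaces, in usernames.` That wording follows the default filter shown in the `clean_param()` hunk of this commit.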
......
...@@ -1171,10 +1171,11 @@ function clean_param($param, $type) { ...@@ -1171,10 +1171,11 @@ function clean_param($param, $type) {
case PARAM_USERNAME: case PARAM_USERNAME:
$param = fix_utf8($param); $param = fix_utf8($param);
$param = str_replace(" " , "", $param); $param = trim($param);
// Convert uppercase to lowercase MDL-16919. // Convert uppercase to lowercase MDL-16919.
$param = core_text::strtolower($param); $param = core_text::strtolower($param);
if (empty($CFG->extendedusernamechars)) { if (empty($CFG->extendedusernamechars)) {
$param = str_replace(" " , "", $param);
// Regular expression, eliminate all chars EXCEPT: // Regular expression, eliminate all chars EXCEPT:
// alphanum, dash (-), underscore (_), at sign (@) and period (.) characters. // alphanum, dash (-), underscore (_), at sign (@) and period (.) characters.
$param = preg_replace('/[^-\.@_a-z0-9]/', '', $param); $param = preg_replace('/[^-\.@_a-z0-9]/', '', $param);
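Review bot: With `$CFG->extendedusernamechars` set, the only whitespace handling left in this case is the new `trim()`, which strips ASCII whitespace at the ends only; runs of spaces, tabs, newlines and non-ASCII spaces such as U+00A0 are kept, so usernames that look identical on screen may end up as distinct accounts. Consider normalising before the trim, e.g. `$param = preg_replace('/[\s\p{Z}]+/u', ' ', $param);`. Separately, the `str_replace(" " , "", $param)` moved into the default branch is redundant, because the `preg_replace` two lines below already removes spaces. The rest of the case lies outside the hunk, so any later filtering on the extended path is not visible here.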
......
...@@ -656,6 +656,8 @@ class core_moodlelib_testcase extends advanced_testcase { ...@@ -656,6 +656,8 @@ class core_moodlelib_testcase extends advanced_testcase {
$this->assertSame('john@doe', clean_param('john@doe', PARAM_USERNAME)); $this->assertSame('john@doe', clean_param('john@doe', PARAM_USERNAME));
$this->assertSame('johndoe', clean_param('john~doe', PARAM_USERNAME)); $this->assertSame('johndoe', clean_param('john~doe', PARAM_USERNAME));
$this->assertSame('johndoe', clean_param('john´doe', PARAM_USERNAME)); $this->assertSame('johndoe', clean_param('john´doe', PARAM_USERNAME));
$this->assertSame(clean_param('john# $%&()+_^', PARAM_USERNAME), 'john_');
$this->assertSame(clean_param(' john# $%&()+_^ ', PARAM_USERNAME), 'john_');
$this->assertSame(clean_param('john#$%&() ', PARAM_USERNAME), 'john'); $this->assertSame(clean_param('john#$%&() ', PARAM_USERNAME), 'john');
$this->assertSame('johnd', clean_param('JOHNdóé ', PARAM_USERNAME)); $this->assertSame('johnd', clean_param('JOHNdóé ', PARAM_USERNAME));
$this->assertSame(clean_param('john.,:;-_/|\ñÑ[]A_X-,D {} ~!@#$%^&*()_+ ?><[] ščřžžý ?ýáž?žý??šdoe ', PARAM_USERNAME), 'john.-_a_x-d@_doe'); $this->assertSame(clean_param('john.,:;-_/|\ñÑ[]A_X-,D {} ~!@#$%^&*()_+ ?><[] ščřžžý ?ýáž?žý??šdoe ', PARAM_USERNAME), 'john.-_a_x-d@_doe');
...@@ -664,7 +666,8 @@ class core_moodlelib_testcase extends advanced_testcase { ...@@ -664,7 +666,8 @@ class core_moodlelib_testcase extends advanced_testcase {
$CFG->extendedusernamechars = true; $CFG->extendedusernamechars = true;
$this->assertSame('john_doe', clean_param('john_doe', PARAM_USERNAME)); $this->assertSame('john_doe', clean_param('john_doe', PARAM_USERNAME));
$this->assertSame('john@doe', clean_param('john@doe', PARAM_USERNAME)); $this->assertSame('john@doe', clean_param('john@doe', PARAM_USERNAME));
$this->assertSame(clean_param('john# $%&()+_^', PARAM_USERNAME), 'john#$%&()+_^'); $this->assertSame(clean_param('john# $%&()+_^', PARAM_USERNAME), 'john# $%&()+_^');
$this->assertSame(clean_param(' john# $%&()+_^ ', PARAM_USERNAME), 'john# $%&()+_^');
$this->assertSame('john~doe', clean_param('john~doe', PARAM_USERNAME)); $this->assertSame('john~doe', clean_param('john~doe', PARAM_USERNAME));
$this->assertSame('john´doe', clean_param('joHN´doe', PARAM_USERNAME)); $this->assertSame('john´doe', clean_param('joHN´doe', PARAM_USERNAME));
$this->assertSame('johndoe', clean_param('johnDOE', PARAM_USERNAME)); $this->assertSame('johndoe', clean_param('johnDOE', PARAM_USERNAME));
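Review bot: The added assertions pass the cleaned value first and the expected string second, the reverse of the `assertSame($expected, $actual)` order used on the neighbouring lines, so a failure report would label the two values the wrong way round; write `$this->assertSame('john# $%&()+_^', clean_param(' john# $%&()+_^ ', PARAM_USERNAME));` and likewise for the others. The extended-mode cases cover only a single interior space and plain leading and trailing spaces. There is no case for a tab, a newline, a run of spaces or a non-breaking space, so the cleaner's behaviour on those inputs is not pinned down by the suite.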
......