Avatar

my description of problem was wrong... (Bugs)

by Alex ⌂, Tuesday, February 02, 2010, 13:58 (5168 days ago) @ Urfin®

Some correctives: registered user with cyrillic nikname can login to forum, but he can't create new topic or answer to other messages - error message appears.

I see. Actually it isn't necessary to check registered users. But that's not the main problem...

This code allows to bypass check, and "cyrillic user" can publish messages.

The original function looks like this:

function contains_special_characters($string)
 {
  if(preg_match("/([[:cntrl:]]|\255)/", $string)) return true; // control characters and soft hyphen
  if(preg_match("/(\x{200b})/u", $string)) return true; // zero width space
  return false;
 }

I'm afraid the u modifier causes the problem on your server (cannot reproduce it here, see this posting).

What about this modification?

function contains_special_characters($string)
 {
  if(preg_match("/([[:cntrl:]]|\255)/", $string)) return true; // control characters and soft hyphen
  return false;
 }

Anyway this check isn't really important. The idea was to prevent users from specifying identical looking user names like already registered user names by not accepting invisible characters. However, this isn't very promising as unicode characters are allowed (for example: you could post with my name using the cyrillic "А").

Alex


Complete thread:

 RSS Feed of thread