Hi all ,
I guess I found a bug or improvement needed.
'username' is dropped from serendipity_authors table when personal details is updated without username in admin page. The password ( should I say 'old password' ?) is held even though no new password entered.
I'd like to recommend that username'd better be handled as same as password so that USER can update his details without any inconvenience.
Regards,
taka
Drop user name from DB
-
garvinhicking
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: Drop user name from DB
The username is filled into the personal preferences form when you enter it, so your browser will send its value to Serendipity just like any other values (Email address, publish settings etc.).
The password is NOT filled into the preferences form to prevent hacking. Only if it is changed, it will be changed.
I see no problem in this handling - does your personal preferences form not contain the username, when you call it? Please look at the HTML sourececode then, it should be there and just your browser might make a problem. Firefox with some extensions is known to cause such oddities.
Regards,
Garvin
The password is NOT filled into the preferences form to prevent hacking. Only if it is changed, it will be changed.
I see no problem in this handling - does your personal preferences form not contain the username, when you call it? Please look at the HTML sourececode then, it should be there and just your browser might make a problem. Firefox with some extensions is known to cause such oddities.
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
the proposal for error handling
Garvin,
Thank you for your reply.
Yes, you are right. Username is usually filled into automatically by Serendipity.
The point is that personal details can be updated without username which is a necessary data for loginning in. Empty data will not be stored or updated if confirmed, even though browser, e.g FireFox as you mentioned, might make a problem.
So I'd like to suggest to identify before storing data in DB if username is filled in, at least empty should be escaped.
What do you think ?
Regards,
taka
Thank you for your reply.
Yes, you are right. Username is usually filled into automatically by Serendipity.
The point is that personal details can be updated without username which is a necessary data for loginning in. Empty data will not be stored or updated if confirmed, even though browser, e.g FireFox as you mentioned, might make a problem.
So I'd like to suggest to identify before storing data in DB if username is filled in, at least empty should be escaped.
What do you think ?
Regards,
taka
-
garvinhicking
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: the proposal for error handling
Of course there are many areas, where extra error checks if the user is about to do something stupid should be checked.
Serendipity usually operates so that it relies on you not doing something stupid, like removing your username.
A patch for that could be created, but it would require a new language string, so it will not be possible to put this in the upcoming 1.0 release. I've committed a change to 1.1-alpha1 so that the username cannot be empty.
Regards,
Garvin
Serendipity usually operates so that it relies on you not doing something stupid, like removing your username.
A patch for that could be created, but it would require a new language string, so it will not be possible to put this in the upcoming 1.0 release. I've committed a change to 1.1-alpha1 so that the username cannot be empty.
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
No problem
Thank you for adding my suggestion in your future release.
It's much appreciated !
taka
It's much appreciated !
taka