Drop user name from DB
Posted: Wed Feb 15, 2006 10:02 am
by taka
Hi all,
I guess I found a bug or a needed improvement.
'username' is dropped from the serendipity_authors table when personal details are updated without a username in the admin page. The password (should I say 'old password'?) is held even though no new password is entered.
I'd like to recommend that the username be handled the same as the password so that the user can update his details without any inconvenience.
Regards,
taka
Re: Drop user name from DB
Posted: Wed Feb 15, 2006 11:41 am
by garvinhicking
The username is filled into the personal preferences form when you enter it, so your browser will send its value to Serendipity just like any other values (Email address, publish settings etc.).
The password is NOT filled into the preferences form to prevent hacking. Only if it is changed, it will be changed.
I see no problem in this handling - does your personal preferences form not contain the username when you call it? Please look at the HTML source code then; it should be there, and just your browser might cause a problem. Firefox with some extensions is known to cause such oddities.
Regards,
Garvin
the proposal for error handling
Posted: Wed Feb 15, 2006 3:12 pm
by taka
Garvin,
Thank you for your reply.
Yes, you are right. The username is usually filled in automatically by Serendipity.
The point is that personal details can be updated without the username, which is necessary data for logging in. Empty data will not be stored or updated if confirmed, even though the browser, e.g. Firefox as you mentioned, might cause a problem.
So I'd like to suggest checking, before storing data in the DB, whether the username is filled in; at least an empty value should be escaped.
What do you think?
Regards,
taka
Re: the proposal for error handling
Posted: Wed Feb 15, 2006 3:47 pm
by garvinhicking
Of course there are many areas where extra error checks for whether the user is about to do something stupid should be made.
Serendipity usually operates so that it relies on you not doing something stupid, like removing your username.
A patch for that could be created, but it would require a new language string, so it will not be possible to put this in the upcoming 1.0 release. I've committed a change to 1.1-alpha1 so that the username cannot be empty.
Regards,
Garvin
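The check discussed in this thread, as an added example that is not part of the original posts and is not Serendipity's code: a server-side profile update that rejects an empty username while treating an empty password field as "unchanged". The `authors` table, its columns and both function names are hypothetical, and the demo assumes PHP 7.4+ with the PDO SQLite driver.

```php
<?php
// Added example; not Serendipity code. Table and column names are hypothetical.

// Returns column => value for the UPDATE; throws if the username is empty.
function build_profile_update(array $post): array
{
    $username = trim((string)($post['username'] ?? ''));
    if ($username === '') {
        // Required for login: refuse instead of writing '' over the stored value.
        throw new InvalidArgumentException('Username must not be empty.');
    }
    $fields = [
        'username' => $username,
        'email'    => trim((string)($post['email'] ?? '')),
    ];
    $password = (string)($post['password'] ?? '');
    if ($password !== '') {
        // The form never pre-fills the password, so empty means "keep the old one".
        $fields['password'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $fields;
}

function save_profile(PDO $db, int $authorId, array $post): void
{
    $fields = build_profile_update($post);
    // Column names come from the fixed keys above, never from user input.
    $set  = implode(', ', array_map(fn($c) => "$c = :$c", array_keys($fields)));
    $stmt = $db->prepare("UPDATE authors SET $set WHERE authorid = :authorid");
    $stmt->execute($fields + ['authorid' => $authorId]);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (authorid INTEGER PRIMARY KEY, username TEXT, email TEXT, password TEXT)');
$db->exec("INSERT INTO authors VALUES (1, 'taka', 'old@example.test', 'stored-hash')");

try {
    save_profile($db, 1, ['username' => '', 'email' => 'new@example.test']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
save_profile($db, 1, ['username' => 'taka', 'email' => 'new@example.test', 'password' => '']);
print_r($db->query('SELECT username, email, password FROM authors')->fetch(PDO::FETCH_ASSOC));
```

The rejected request leaves the row untouched, and the second request changes only the e-mail address because the password field arrived empty.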
No problem
Posted: Thu Feb 16, 2006 4:06 am
by taka
Thank you for adding my suggestion in your future release.
It's much appreciated!
taka