Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Properly escape username/roles in web interface (#3570) #3588

merged 1 commit into from Mar 7, 2017


Copy link

@dennisoelkers dennisoelkers commented Mar 7, 2017


Motivation and Context

This is the port of #3570 to the 2.2 branch.

Before this change it was possible to create user/role names containing one or more slashes or other special characters, but it was not possible to delete them afterwards from the web interface.

After this change, the user/role name used to construct the URL to the backend is escaped properly, so deletions suceed even if the user/role name contains one or more special characters.

Fixes #3569.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)


  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
* Escaping username component to allow usernames with slash.
* Allowing to handle deletion/updates of roles with special characters.
* Allowing editing/updating/deleting users with special characters in name
* Using proper route methods, escaping username in CurrentUserStore.

Fixes #3569

(cherry picked from commit 34446c2)
joschi approved these changes Mar 7, 2017
@joschi joschi merged commit f9a9d2b into 2.2 Mar 7, 2017
4 checks passed
4 checks passed
ci-web-linter Jenkins build graylog-pr-linter-check 1408 has succeeded
continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed
licence/cla Contributor License Agreement is signed.
@joschi joschi deleted the issue-3569-to-2.2 branch Mar 7, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants