You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 8, 2019. It is now read-only.
Adding a user with a single quote in username is accepted by graylog2-web-interface, but you can't log in with that user and you can't delete the user.
Add
if (username.indexOf("'") > -1 ) {
validationFailure( createUsernameField, "Username can't have quotes.");
domElement.setCustomValidity('Username cannot have quotes.');
} else {
$.ajax({
.
.
.
});
}
to app/assets/javascripts/main.js stops anyone from doing something stupid like putting a single quote in a username.
I'm a newb and haven't worked out how to commit changes .......
The text was updated successfully, but these errors were encountered:
there were two issues:
* the rest routes weren't url escaping the path parameters (this creates an implicit dependency on guava > 15.0!)
* the api client used MessageFormat to create the path template, but that could kill certain unescaped characters like quotes
now users with single or douple quotes in their username will be able to successfully log in
fixesgraylog-labs/graylog2-web-interface#1005fixesgraylog-labs/graylog2-web-interface#1006
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Adding a user with a single quote in username is accepted by graylog2-web-interface, but you can't log in with that user and you can't delete the user.
Add
.
.
.
to app/assets/javascripts/main.js stops anyone from doing something stupid like putting a single quote in a username.
I'm a newb and haven't worked out how to commit changes .......
The text was updated successfully, but these errors were encountered: