Added validation to stop single quotes being included in username. #1006

Closed
wants to merge 1 commit into
base: master
from

magicalbob commented Dec 13, 2014

Without this validation, a username including a single quote can't log in, and the user cannot be deleted.

The fact that the app doesn't handle single quotes in log in makes you think of SQL injection .....

I tried logging in with some dodgy usernames & password e.g. ' or '1'='1 but couldn't break in .... haven't looked at the code behind it though .....

Added validation to stop single quotes being included in username. Without this validation, a username including a single quote can't log in, and the user cannot be deleted.

@kroepke kroepke self-assigned this Jan 20, 2015

@kroepke kroepke added the bug label Jan 20, 2015

@kroepke kroepke added this to the 1.0.0 milestone Jan 20, 2015
