Added validation to stop single quotes being included in username. #1006
Without this validation, a username including a single quote can't log in, and the user cannot be deleted.
The fact that the app doesn't handle single quotes in login makes you think of SQL injection...
I tried logging in with some dodgy usernames & passwords, e.g. ' or '1'='1, but couldn't break in... haven't looked at the code behind it though...