Skip to content
This repository has been archived by the owner. It is now read-only.

Added validation to stop single quotes being included in username. #1006

Closed
wants to merge 1 commit into from

Conversation

@magicalbob
Copy link

@magicalbob magicalbob commented Dec 13, 2014

Without this validation, a username including a single quote can't log in, and the user cannot be deleted.

The fact that the app doesn't handle single quotes in log in makes you think of SQL injection .....

I tried logging in with some dodgy usernames & password e.g. ' or '1'='1 but couldn't break in .... haven't looked at the code behind it though .....

…thout this validation, a username including a single quote can't log in, and the user cannot be deleted.
@kroepke kroepke self-assigned this Jan 20, 2015
@kroepke kroepke added the bug label Jan 20, 2015
@kroepke kroepke added this to the 1.0.0 milestone Jan 20, 2015
@kroepke kroepke closed this in aba165b Jan 20, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants