Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Piwik::checkValidLoginString(): allow "@" in login #1762

Closed
anonymous-piwik-user opened this Issue · 8 comments

3 participants

@anonymous-piwik-user

Currently, piwik explicitely forbid use of "@" in a user login. (only [a-zA-Z0-9-._] are allowed )

It doesn't make much sense to forbid the "@" and it make it impossible to integrate piwik with any service where the login is the email (such as lot of LDAP setup).

@anonymous-piwik-user

Fixing this bug is really easy :

core/Piwik.php, line 1595

replace:

&& (preg_match('/^[A-Za-z0-9_.-]*$/', $userLogin) > 0))

By

&& (preg_match('/^[@A-Za-z0-9_.-]*$/', $userLogin) > 0))

@anonymous-piwik-user

(I've tested it and it works great)

@robocoder
Collaborator

re: LDAP. Is this change necessary, given the LDAP plugin in #734?

@anonymous-piwik-user

I guess it is because it looks like the http_auth plugin is more interesting anyway. Ldap is only use to do authentification, piwik still do the authorization.

Comments in the bug related to the http_auth plugin seems to think the same;-)

@mattab
Owner

increasing priority, as it makes sense to allow @ in logins

@mattab
Owner

(In [3381]) Fixes #1762

@robocoder
Collaborator

(In [3388]) refs #1762 - fix unit test

@robocoder
Collaborator

(In [3646]) fixes #1970, refs #1762 - add more unit tests

@anonymous-piwik-user anonymous-piwik-user added this to the Piwik 1.1 milestone
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.