American Parkour Forum

Not Parkour or Freerunning => Socialize => Topic started by: Zachary Cohn on February 19, 2009, 03:24:29 PM

Title: Please remove Special Characters from your usernames.
Post by: Zachary Cohn on February 19, 2009, 03:24:29 PM
Please remove all special characters from your usernames. If you have certain ones in your username, it prevents people from PMing you. Special characters are any non alpha-numeric character. (That means letters and numbers are okay, nothing else is).

If you want to use your name and your handle, you have the ability to modify your own title. My title says "Happydud" because that was my old handle. I strongly suggest you either make your username your name OR your handle, not both. It leads to long, confusing, annoying, and potentially disruptive usernames.

Thank you.
Title: Re: Please remove special characters from your usernames.
Post by: Andy Animus Tran on February 19, 2009, 03:25:41 PM
There really should  be a filter on that.  You'd think that the people who programmed the forum would've noticed such a blatant bug, eh?
Title: Re: Please remove special characters from your usernames.
Post by: Paul Leon Mederos on February 19, 2009, 03:42:46 PM
You would think, and I had hoped they would have patched it, but nien.
Title: Re: Please remove special characters from your usernames.
Post by: Alec Furtado on February 19, 2009, 08:47:01 PM
Well you can add " and ' as reserve names on the Set Reserve Names page of the Registration section of the admin panel (EDIT: oh and have "Match whole name only" unchecked). However, users can still change their display names to include ' and " unless you disable that. I wrote a hack to test against it but for some reason it's just not working. I guess I'll have to look into it a little further. If you wanna see, name crap is tested from profile change input in Sources/Profile.php starting on line 704. I added the sequence
Code: [Select]
elseif (strpos($_POST['realName'], '"') !== false)
$post_errors[] = 'bad_name';
Before the first else (ln711) within the if block. It should test if the string '"' (the doublequote) exists anywhere in the posted value. If it exists strpos() outputs the position of '"' inside the string. Otherwise it's false (and the expression should be executed). "bad_name" is just the entry of an error message in the language files. Not sure why it doesn't like it unless it is confused testing for '"'?


I gotta get back to homework lol.
Title: Re: Please remove special characters from your usernames.
Post by: Zachary Cohn on February 19, 2009, 11:38:08 PM
For everyone else, the error is similar to how a SQL injection works.

A) Someone's name is: John 'Jack' Jerry

B) Using your example as a reference, a line of code might look something like:
Code: [Select]
if (strpos($_POST['userName'])
C) What the computer sees is this:
Code: [Select]
if (strpos($_POST['John 'Jack' Jerry']
D) So what happens is that the computer sees everything in between the single quotes as what it's looking for. So it ends up looking for "John " and " Jerry", and then depending on the language Jack does... something or nothing.  So it basically tries to send a PM to John and Jerry, but not John 'Jack' Jerry.
Title: Re: Please remove special characters from your usernames.
Post by: Shamas on February 20, 2009, 08:12:37 AM
I didn't even notice that. Heh heh. Good catch (I didn't have characters in my name)
Title: Re: Please remove special characters from your usernames.
Post by: Zachary Cohn on February 21, 2009, 10:13:27 AM
Actually if you guys could help spread this message, I'd really appreciate it. If someone with special characters posts in a thread, just forward them to this thread. Don't go overboard, and only one person has to do it (We don't need ten people telling one person to remove special characters), but it'd help.

If you want to go to their profile and send them an email, that'd be good too, to make sure they see it.

Thanks.
Title: Re: Please remove special characters from your usernames.
Post by: Alec Furtado on February 21, 2009, 10:30:55 AM
Will do. ;)
Title: Re: Please remove special characters from your usernames.
Post by: Shamas on February 21, 2009, 12:19:01 PM
No problem.
Title: Re: Please remove Quotation Marks from your usernames.
Post by: Derik (QuikSilva) DaSilva on June 12, 2009, 09:17:56 PM
But parenthesis are fine, right?
Title: Re: Please remove Special Characters from your usernames.
Post by: Zachary Cohn on June 12, 2009, 09:44:28 PM
Prefer not. We're probably going to be upgrading the forum software soon to disable non alphanumeric.. so you should just change it now. :)
Title: Re: Please remove Special Characters from your usernames.
Post by: Alec Furtado on June 13, 2009, 02:19:39 PM
Funny how this is still v1.1.5... they have 1.1.9 now :D

While you're at it, can you please consider Auto-embed (http://custom.simplemachines.org/mods/index.php?mod=977)? It has support for over 200 media sites. Just upload the .zip and it's installed. Veerryy simple and very easy.
Title: Re: Please remove Special Characters from your usernames.
Post by: Zachary Cohn on June 13, 2009, 04:00:43 PM
We're in the process of updating all the components of APK. It just takes time. :)

(Also, one reason we've held off updating the forums is that we need a special bridge between joomla and smf so the users are shared between APK and the forums. Working on that..)
Title: Re: Please remove special characters from your usernames.
Post by: Dekudude on July 07, 2009, 03:41:51 PM
For everyone else, the error is similar to how a SQL injection works.

A) Someone's name is: John 'Jack' Jerry

B) Using your example as a reference, a line of code might look something like:
Code: [Select]
if (strpos($_POST['userName'])
C) What the computer sees is this:
Code: [Select]
if (strpos($_POST['John 'Jack' Jerry']
D) So what happens is that the computer sees everything in between the single quotes as what it's looking for. So it ends up looking for "John " and " Jerry", and then depending on the language Jack does... something or nothing.  So it basically tries to send a PM to John and Jerry, but not John 'Jack' Jerry.

Actually, no. I don't mean to burst your bubble (I thought along the same lines for quite a while) but that only works with SQL. PHP has security against that, and you'll be perfectly fine with a username such as "John 'Jack' Jerry".

Why?
MySQL is its own software based on PHP and other programming languages. It is built into the program, so it has to accept the programs' limitations.

PHP doesn't interpret if (strpos($_POST['John 'Jack' Jerry'])) like that. Instead, it sees it as if function strpos() returns true on on the $_POST variable which is equal to John 'Jack' Jerry, do whatever

MySQL, on the other hand, can't work that way. MySQL is based on queries. If you wrote the above code into a PHP script, you'd have problems, but user input won't mess anything up. In MySQL user input IS the script, so you WILL have issues.

Hope that makes sense. :)

If you want my input, I think limiting some special characters is a fine idea, but you should allow quotes, underscores, hyphens, and maybe even !@#$%^&*()_+, as they are accessible on nearly all keyboards.
Title: Re: Please remove Special Characters from your usernames.
Post by: Zachary Cohn on July 07, 2009, 07:42:56 PM
Well, there's something going on then. Sending a PM to user: James "Jim" Kirk   will result in an error. I don't remember exactly what it is, but it has to do with the quotations, I may have posted it earlier in the thread.
Title: Re: Please remove Special Characters from your usernames.
Post by: Dekudude on July 11, 2009, 11:15:01 AM
That's weird... it shouldn't do that. Are you using the built-in SMF PM system, or something modified on another part of the site?
Title: Re: Please remove Special Characters from your usernames.
Post by: Alec Furtado on July 11, 2009, 11:41:58 AM
But it is still "similar to how a SQL injection works."


Depending on what they are using as the string delimiters, either ' or " may screw things up. What you could do is replace those with their respective character codes (""" and "&lsquot;" / "&rsquot;")
Title: Re: Please remove Special Characters from your usernames.
Post by: Dekudude on July 12, 2009, 10:00:27 PM
Yeah, quotations marks can jack things up... but I'm just saying things like & and ] can't. What's weird, though, is that the error is showing up. SMF forums are extremely stable AND secure. Makes no sense to me.

Oh well. :P
Title: Re: Please remove Special Characters from your usernames.
Post by: Skye on July 14, 2009, 07:28:09 PM
Question, see my name everywere is A-SkyfiOriginal  here it is ASkyfiOriginal
If I change it to A-SkyfiOriginal will that count as a special charater?
Title: Re: Please remove Special Characters from your usernames.
Post by: Alec Furtado on July 15, 2009, 07:32:46 PM
No, that shouldn't cause a problem with the process.
Title: Re: Please remove Special Characters from your usernames.
Post by: Lars on February 16, 2010, 05:30:34 PM
Any reason I'd need to edit mine? I almost always use underscores - too many systems can handle those better than spaces. :-) Cheers!

Moose
Title: Re: Please remove Special Characters from your usernames.
Post by: /shane/ on May 18, 2010, 08:08:43 AM
Do these slashes count? I only have them because shane is already taken.
Title: Re: Please remove Special Characters from your usernames.
Post by: Rebecca Myers on May 19, 2010, 01:45:50 PM
They count.
Title: Re: Please remove Special Characters from your usernames.
Post by: /shane/ on May 19, 2010, 03:19:31 PM
Well what if I don't mind not getting PM's? I don't think the name confusion applies because it's pretty obvious my name is shane, what's the big deal?
Title: Re: Please remove Special Characters from your usernames.
Post by: scott on August 03, 2010, 09:45:13 AM
man now i gotta re-re-edit my name lolz thats what 2 secs from my rest day
Title: Re: Please remove Special Characters from your usernames.
Post by: Tex__ on July 18, 2011, 10:18:17 AM
is __ a special character?
Title: Re: Please remove Special Characters from your usernames.
Post by: Jordan Bates on April 14, 2012, 06:49:06 PM
^Yeah underscores are

___


I never knew of this. Would the slashed o in my name count? I can't imagine that being a problem but yeah.  :-\
Title: Re: Please remove Special Characters from your usernames.
Post by: source on March 15, 2013, 08:12:32 PM
Got rid of the apostrophe on my name. Wow, didn't even realize that PMs are impossible with special characters.
Title: Please remove Special Characters from your usernames
Post by: CherylHiz on October 16, 2019, 05:46:57 AM
Might be there to prevent choppy water from flying into the boat...He could have probably found a way to outfit a pod-like extension to the splash guard, but this might do as well.
Title: Please remove Special Characters from your usernames
Post by: CherylHiz on October 23, 2019, 07:40:35 PM
Hi,

Im trying to find a way to get puddletag to automatically remove or replace certain special characters when Tag->File.  I have some mp3s with "<" and ">" which are not in the set of those automatically removed by puddletag, so they are still there when I Tag->File, but when I backup with rsync these files wont be copied because of the "<" and ">" characters.  I there a way to implement the automatic removal with some ifsomething in the pattern I use?  Thanks

Federico
Title: Please remove Special Characters from your usernames
Post by: CherylHiz on October 24, 2019, 09:33:14 AM
Hi,

Im trying to find a way to get puddletag to automatically remove or replace certain special characters when Tag->File.  I have some mp3s with "<" and ">" which are not in the set of those automatically removed by puddletag, so they are still there when I Tag->File, but when I backup with rsync these files wont be copied because of the "<" and ">" characters.  I there a way to implement the automatic removal with some ifsomething in the pattern I use?  Thanks

Federico
Title: Please remove Special Characters from your usernames
Post by: Nancypiz on October 24, 2019, 05:47:34 PM
bootrec /fixmbr is the right way.
I dont know why it fail.
Be sure that only one harddisk and no USB-Memory is in the system to modify the right MBR.

Gernot
Title: Please remove Special Characters from your usernames
Post by: Paulinelurry on November 12, 2019, 08:45:10 AM
Hi,

Im trying to find a way to get puddletag to automatically remove or replace certain special characters when Tag->File.  I have some mp3s with "<" and ">" which are not in the set of those automatically removed by puddletag, so they are still there when I Tag->File, but when I backup with rsync these files wont be copied because of the "<" and ">" characters.  I there a way to implement the automatic removal with some ifsomething in the pattern I use?  Thanks

Federico
Title: Please remove Special Characters from your usernames
Post by: Joannbow on November 14, 2019, 08:07:05 AM
Hi,

Im trying to find a way to get puddletag to automatically remove or replace certain special characters when Tag->File.  I have some mp3s with "<" and ">" which are not in the set of those automatically removed by puddletag, so they are still there when I Tag->File, but when I backup with rsync these files wont be copied because of the "<" and ">" characters.  I there a way to implement the automatic removal with some ifsomething in the pattern I use?  Thanks

Federico
Title: Please remove Special Characters from your usernames
Post by: Kathrynpem on November 21, 2019, 07:58:54 AM
Hi,

Im trying to find a way to get puddletag to automatically remove or replace certain special characters when Tag->File.  I have some mp3s with "<" and ">" which are not in the set of those automatically removed by puddletag, so they are still there when I Tag->File, but when I backup with rsync these files wont be copied because of the "<" and ">" characters.  I there a way to implement the automatic removal with some ifsomething in the pattern I use?  Thanks

Federico
Title: Please remove Special Characters from your usernames
Post by: Candiceesoma on December 09, 2019, 12:09:01 AM
Hi,

Im trying to find a way to get puddletag to automatically remove or replace certain special characters when Tag->File.  I have some mp3s with "<" and ">" which are not in the set of those automatically removed by puddletag, so they are still there when I Tag->File, but when I backup with rsync these files wont be copied because of the "<" and ">" characters.  I there a way to implement the automatic removal with some ifsomething in the pattern I use?  Thanks

Federico
Title: Please remove Special Characters from your usernames
Post by: Aurorachuch on December 14, 2019, 08:55:20 PM
Hi,

Im trying to find a way to get puddletag to automatically remove or replace certain special characters when Tag->File.  I have some mp3s with "<" and ">" which are not in the set of those automatically removed by puddletag, so they are still there when I Tag->File, but when I backup with rsync these files wont be copied because of the "<" and ">" characters.  I there a way to implement the automatic removal with some ifsomething in the pattern I use?  Thanks

Federico
Title: Please remove Special Characters from your usernames
Post by: JaimeNus on December 21, 2019, 06:22:36 AM
Hi,

Im trying to find a way to get puddletag to automatically remove or replace certain special characters when Tag->File.  I have some mp3s with "<" and ">" which are not in the set of those automatically removed by puddletag, so they are still there when I Tag->File, but when I backup with rsync these files wont be copied because of the "<" and ">" characters.  I there a way to implement the automatic removal with some ifsomething in the pattern I use?  Thanks

Federico