View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 6085 | Composr | core_cns | public | 2024-12-21 21:31 | 2024-12-21 21:31 |
| Reporter | PDStig | Assigned To | PDStig | ||
| Priority | high | Severity | feature | ||
| Status | resolved | Resolution | fixed | ||
| Product Version | 11.beta5 | ||||
| Summary | 6085: Change get_username_from_human_name to process_username_discriminator | ||||
| Description | The current method of handling duplicate usernames in Composr is suffixing an incremental number at the end in parenthesis. This is generally considered bad practice for security reasons; we should instead use "discriminators", which is a hash (#) followed by a series of random numbers and letters (we will do 4 of them). This fix also optimises the function so we are not querying the database on every test / iteration to find a discriminator which is not used. In the future, we should consider an option allowing to force all (newly) registered accounts to receive a discriminator at the end of their specified username. And "get_username" should omit the discriminator when the display name parameter is true. | ||||
| Tags | No tags attached. | ||||
| Attach Tags | |||||
| Attached Files | |||||
| Time estimation (hours) | |||||
| Sponsorship open | |||||
|
|
Fixed in Git commit ff3c4c4f69 (https://gitlab.com/composr-foundation/composr/commit/ff3c4c4f69 - link will become active once code pushed to GitLab) |
|
|
A hotfix (a TAR of files to upload) has been uploaded to this issue. Only apply this hotfix if you absolutely need it and cannot wait until the next release of Composr (releases are more reliable and strictly tested). As of Composr version 11, the recommended way to apply a hotfix is by following the same steps as an upgrade (https://baseurl/upgrader.php, use the hotfix on the step “Transfer across new/updated files”). The upgrader will automatically skip files belonging to addons you do not have installed or that are newer on disk than in the hotfix. Otherwise, you can manually extract and replace these files (do not replace if your on-disk file is newer than the one in the hotfix). Always take backups of your site or at least files you are replacing before applying a hotfix. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/). |
