User names forbidden by RFC 7617 are allowed #925

Closed
JKingweb opened this issue Dec 24, 2020 · 0 comments · Fixed by #3018

@JKingweb

RFC 7617 notes:

The user-id and password MUST NOT contain any control characters (see "CTL" in Appendix B.1 of RFC5234).

Furthermore, a user-id containing a colon character is invalid, as the first colon in a user-pass string separates user-id and password from one another; text after the first colon is part of the password. User-ids containing colons cannot be encoded in user-pass strings.

While Basic authentication is only one of several authentication schemes supported by Miniflux, and both controls and colons are uncommonly used in usernames, it may help to avoid confusion by simply forbidding them.
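
The rule quoted above, as an added Go example that is not Miniflux's own code: `validateUsername` (a hypothetical name) rejects the characters RFC 7617 forbids, and the two helpers (also hypothetical) show how a colon in a user-id is re-read as part of the password once the credentials are encoded. The sample names are constructed.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// validateUsername is a hypothetical helper (not Miniflux's code) that rejects
// user-ids RFC 7617 forbids: any CTL (%x00-1F / %x7F per RFC 5234) or a colon.
func validateUsername(name string) error {
	for i := 0; i < len(name); i++ {
		switch c := name[i]; {
		case c < 0x20 || c == 0x7f:
			return fmt.Errorf("control character 0x%02x at byte %d", c, i)
		case c == ':':
			return fmt.Errorf("colon at byte %d", i)
		}
	}
	return nil
}

// basicCredentials builds the header value as a client would.
func basicCredentials(user, pass string) string {
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+pass))
}

// parseBasic splits the decoded user-pass at the first colon, as RFC 7617 requires.
func parseBasic(header string) (user, pass string, ok bool) {
	if !strings.HasPrefix(header, "Basic ") {
		return "", "", false
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, "Basic "))
	if err != nil {
		return "", "", false
	}
	return strings.Cut(string(raw), ":")
}

func main() {
	for _, name := range []string{"alice", "ali:ce", "ali\tce"} { // constructed samples
		fmt.Printf("%q -> %v\n", name, validateUsername(name))
	}
	// A colon in the user-id is silently re-read as part of the password.
	u, p, _ := parseBasic(basicCredentials("ali:ce", "secret"))
	fmt.Printf("sent user %q, server parsed user %q password %q\n", "ali:ce", u, p)
}
```

Because the check works on bytes, multi-byte UTF-8 user names pass unchanged: every byte of a non-ASCII character is 0x80 or higher.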

jvoisin added a commit to jvoisin/v2 that referenced this issue Dec 16, 2024
@jvoisin jvoisin self-assigned this Dec 19, 2024
jvoisin added a commit to jvoisin/v2 that referenced this issue Dec 25, 2024
jvoisin added a commit to jvoisin/v2 that referenced this issue Dec 26, 2024
The validation doesn't apply to already created usernames.

This should close miniflux#925