#1247 closed defect (bug) (invalid)
At sign/arroba in WP.org Username causes Trac Profile link to fail
Reported by: | chriscct7 | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Component: | Trac | Keywords: | needs-patch |
Cc: |
Description
If a username contains an ampersand, on Trac, the link to the user doesn't work on tickets. Example: the guy who wrote the patch on https://core.trac.wordpress.org/ticket/12684#comment:12. While usernames can have ampersands in WordPress and that's fine, based on that bug, maybe Trac needs to be audited to make sure that can't cause anything unintended security-wise over there?
Change History (9)
#1
9 years ago
- Summary changed from Ampersand in WP.org Username causes trac wierdness to Ampersand in WP.org Username causes Trac Profile link to fail
#4
9 years ago
- Summary changed from Ampersand in WP.org Username causes Trac Profile link to fail to At sign/arroba in WP.org Username causes Trac Profile link to fail
Heh, indeed, at sign/arroba not ampersand. Will correct.
#5
in reply to: ↑ 3
9 years ago
Replying to samuelsidler:
Didn't we do that already at some point? @Otto42?
Not @ for Trac as far as I can tell (or remember)
We've done these @ things though ;)
#80 Link @usernames across network
#82 @username links should go to profile, not mentions
#216 Block @ in WPORG usernames
#6
follow-up: ↓ 7
9 years ago
- Resolution set to invalid
- Status changed from new to closed
We stopped allowing at symbols in usernames a while back. However, people who had made usernames prior to that point probably still have them.
However, dipali.dhole27's profile link works fine.
#7
in reply to: ↑ 6; follow-up: ↓ 8
9 years ago
Replying to Otto42:
We stopped allowing at symbols in usernames a while back. However, people who had made usernames prior to that point probably still have them.
However, dipali.dhole27's profile link works fine.
The link I get when logged in is "https://profiles.wordpress.org/dipali.dhole27@%E2%80%A6". This, when clicked, redirects to the WordPress.org homepage.
#8
in reply to: ↑ 7
9 years ago
Replying to chriscct7:
The link I get when logged in is "https://profiles.wordpress.org/dipali.dhole27@%E2%80%A6". This, when clicked, redirects to the WordPress.org homepage.
Confirmed (when logged out though, not when logged in).
#9
9 years ago
When logged out, it does show a difference there. However, I think the issue may be the length of the username? Trac seems to be shortening it, or truncating it because it recognizes it as an email? Not sure. Works fine when logged in, for me.
I think the bottom line is that usernames should not be email addresses. We don't allow them anymore. Probably no way to fix this without that person creating a new account, and not using the email for the username.
We should just stop allowing weird characters in usernames. Didn't we do that already at some point? @Otto42?
But the link you gave was to a username that has an at symbol, not an ampersand. :)
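Decoding the link quoted in comment 7 shows that `%E2%80%A6` is the UTF-8 encoding of the ellipsis character (U+2026), which fits the truncation described in comment 9: the link target was built from a shortened display name rather than the stored username. The following is an added example, not code from the ticket or from Trac; it flags such links, and the `alice@example.org` and `bob` usernames and the percent-encoding link builder are assumptions for illustration.

```python
from urllib.parse import urlsplit, unquote, quote

ELLIPSIS = "\u2026"  # what %E2%80%A6 decodes to (UTF-8 bytes E2 80 A6)


def profile_slug(url):
    """Return the percent-decoded last path segment of a profile URL."""
    path = urlsplit(url).path
    return unquote(path.rstrip("/").rsplit("/", 1)[-1])


def is_truncated_slug(slug):
    """True when the slug is a shortened display form ('name@…'),
    not a full username."""
    return slug.endswith("@" + ELLIPSIS)


def audit(urls):
    """Return the URLs whose slug was built from a truncated display name."""
    return [u for u in urls if is_truncated_slug(profile_slug(u))]


def build_profile_url(username, base="https://profiles.wordpress.org/"):
    """Build the link from the stored username, never from display text.

    Assumption: the profile site accepts a percent-encoded username
    in the path.
    """
    if ELLIPSIS in username:
        raise ValueError("display-truncated name passed as username")
    return base + quote(username, safe="")


# Constructed sample input: the first URL is the one quoted in the ticket,
# the other two use made-up usernames.
SAMPLE = [
    "https://profiles.wordpress.org/dipali.dhole27@%E2%80%A6",
    "https://profiles.wordpress.org/alice%40example.org",
    "https://profiles.wordpress.org/bob",
]

if __name__ == "__main__":
    for u in audit(SAMPLE):
        print("profile link built from truncated name:", u)
```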