WordPress.org

Making WordPress.org

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#1247 closed defect (invalid)

At sign/arroba in WP.org Username causes Trac Profile link to fail

Reported by: chriscct7 Owned by:
Milestone: Priority: normal
Component: Trac Keywords: needs-patch
Cc:

Description

If a username contains an ampersand, on Trac, the link to the user doesn't work on tickets. Example: the guy who wrote the patch on https://core.trac.wordpress.org/ticket/12684#comment:12. While usernames can have ampersands in WordPress and that's fine, based on that bug, maybe Trac needs to be audited to make sure that can't cause anything unintended security wise over there?

Change History (9)

#1 @chriscct7
4 years ago

  • Summary changed from Ampersand in WP.org Username causes trac wierdness to Ampersand in WP.org Username causes Trac Profile link to fail

#2 @chriscct7
4 years ago

  • Cc chriscct7@… added

#3 follow-up: @samuelsidler
4 years ago

We should just stop allowing weird characters in usernames. Didn't we do that already at some point? @Otto42?

But the link you gave was to a username that has an at symbol, not an ampersand. :)

#4 @chriscct7
4 years ago

  • Summary changed from Ampersand in WP.org Username causes Trac Profile link to fail to At sign/arroba in WP.org Username causes Trac Profile link to fail

Heh, indeed, at sign/arroba not ampersand. Will correct.

#5 in reply to: ↑ 3 @netweb
4 years ago

[[Image(Replying to samuelsidler:

Didn't we do that already at some point? @Otto42?

Not @ for Trac as far as I can tell (or remember)

We've done these @ things though ;)

#80 Link @usernames across network
#82 @username links should go to profile, not mentions
#216 Block @ in WPORG usernames

#6 follow-up: @Otto42
4 years ago

  • Resolution set to invalid
  • Status changed from new to closed

We stopped allowing at symbols in usernames a while back. However, people who had made usernames prior to that point probably still have them.

However, dipali.dhole27's profile link works fine.

#7 in reply to: ↑ 6 ; follow-up: @chriscct7
4 years ago

Replying to Otto42:

We stopped allowing at symbols in usernames a while back. However, people who had made usernames prior to that point probably still have them.

However, dipali.dhole27's profile link works fine.

The link I get when logged in is "https://profiles.wordpress.org/dipali.dhole27@%E2%80%A6". This when clicked redirects to the WordPress.org homepage

#8 in reply to: ↑ 7 @SergeyBiryukov
4 years ago

Replying to chriscct7:

The link I get when logged in is "https://profiles.wordpress.org/dipali.dhole27@%E2%80%A6". This when clicked redirects to the WordPress.org homepage

Confirmed (when logged out though, not when logged in).

#9 @Otto42
4 years ago

When logged out, it does show a difference there. However, I think the issue may be the length of the username? Trac seems to be shortening it, or truncating it because it recognizes it as an email? Not sure. Works fine when logged in, for me.

I think the bottom line is that usernames should not be email addresses. We don't allow them anymore. Probably no way to fix this without that person creating a new account, and not using the email for the username.

Note: See TracTickets for help on using tickets.