In some circumstances a manually entered or an automatically generated client name will erroneously be reported as "already in use" and the user is requested to make another choice.

This arises because the function hosting_client_sanitize, which checks the proposed name and strips out invalid characters etc., is happy to accept an underscore as a valid character in the name. However, all checks to the database use the construct "WHERE uname LIKE '%s'", and the underscore is a wildcard representing any single character in SQL queries.

This could be fixed by having the SQL statements expressed as "WHERE uname = '%s'" (which is probably a bit more efficient) or by having the function hosting_client_sanitize strip underscores as well.

Comments

Steven Jones

We should just do the LIKE query correctly; we should escape our input using something like:

return addcslashes($string, '\%_');
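
The false "already in use" match and the two fixes discussed above (escaping the LIKE pattern, or comparing with =), as an added example that is not code from the hosting module. It uses Python with an in-memory SQLite database; the table name `clients` and the sample names are constructed, and SQLite needs an explicit ESCAPE clause where MySQL treats backslash as the LIKE escape character by default.

```python
import sqlite3

# Constructed sample data: "acmeXcorp" differs from the proposed name
# "acme_corp" only at the position of the underscore.
EXISTING = ["acmeXcorp", "my_site"]


def escape_like(value, esc="\\"):
    """Escape the escape character first, then the LIKE wildcards % and _."""
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value


def make_db(names=EXISTING):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (uname TEXT)")  # hypothetical table name
    db.executemany("INSERT INTO clients VALUES (?)", [(n,) for n in names])
    return db


def _exists(db, sql, param):
    return db.execute(sql, (param,)).fetchone()[0] > 0


def in_use_like(db, name):
    # Behaviour from the report: "_" in the name matches any single character.
    return _exists(db, "SELECT COUNT(*) FROM clients WHERE uname LIKE ?", name)


def in_use_like_escaped(db, name):
    # Escaped pattern: "_" and "%" are compared as literal characters.
    sql = "SELECT COUNT(*) FROM clients WHERE uname LIKE ? ESCAPE '\\'"
    return _exists(db, sql, escape_like(name))


def in_use_equals(db, name):
    # Exact comparison; note that case sensitivity of "=" and LIKE can
    # differ depending on the database and collation.
    return _exists(db, "SELECT COUNT(*) FROM clients WHERE uname = ?", name)


if __name__ == "__main__":
    db = make_db()
    for check in (in_use_like, in_use_like_escaped, in_use_equals):
        print(check.__name__, check(db, "acme_corp"))
```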

Steven Jones

Status: Active » Fixed

Thanks for the bug report, pushed a fix to both 6.x-2.x and 6.x-1.x.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

  • Commit 55cdeb0 on 6.x-2.x, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-588728-views-integration, dev-1403208-new_roles, dev-helmo-3.x by Steven Jones:
    Issue #1435098 by Steven Jones: Fixed Client name validate sometimes...
