[buddypress-trac] [BuddyPress] #2310: There is a serious bug in buddypress 1.2.3 signup validation for username

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Thu Apr 15 14:10:49 UTC 2010 

#2310: There is a serious bug in buddypress 1.2.3 signup validation for username
----------------------------+-----------------------------------------------
 Reporter:  faisalzulfiqar  |       Owner:                                    
     Type:  defect          |      Status:  new                               
 Priority:  critical        |   Milestone:  1.2.4                             
Component:  Core            |    Keywords:  register,mysql error,illegal_names
----------------------------+-----------------------------------------------
 Hi I work at Mindblaze Technologies,

 I was deploying a site for one of our clients opentuition.com and I found
 this.

 In bp-core/bp-core-signup.php

 This code has serious problem:

 $db_illegal_names = get_site_option( 'illegal_names' );
 $filtered_illegal_names = apply_filters( 'bp_core_illegal_usernames',
 array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator',
 BP_GROUPS_SLUG, BP_MEMBERS_SLUG, BP_FORUMS_SLUG, BP_BLOGS_SLUG,
 BP_REGISTER_SLUG, BP_ACTIVATION_SLUG ) );

 $illegal_names = array_merge( (array)$db_illegal_names,
 (array)$filtered_illegal_names );

 in it "array_merge" function is embedding "array( 'www', 'web', 'root',
 'admin', 'main', 'invite', 'administrator', BP_GROUPS_SLUG,
 BP_MEMBERS_SLUG, BP_FORUMS_SLUG, BP_BLOGS_SLUG, BP_REGISTER_SLUG,
 BP_ACTIVATION_SLUG )" at the end of "$db_illegal_names" so every time
 validation function is called it gets appended and the size of this field
 starts to increase until the point that it breaks the update query which
 becomes huge after a hundred sign ups or so.

 the last line should be like this:
 $common_names = array_intersect( (array)$db_illegal_names,
 (array)$filtered_illegal_names );
 $diff_names = array_diff( (array)$db_illegal_names,
 (array)$filtered_illegal_names );
 $illegal_names = array_merge( (array)$diff_names, (array)$common_names );

 "array_merge" function merges arrays with numeric keys that is why here we
 can not use "array_merge"

-- 
Ticket URL: <http://trac.buddypress.org/ticket/2310>
BuddyPress <http://buddypress.org/>
BuddyPress

More information about the buddypress-trac mailing list