Case: Try to create an account which contains a '#': 'abc#efg'
The created account is 'abc' only, truncated silently at '#'.
Version: 1.11.x
Severity: normal
Case: Try to create an account which contains a '#': 'abc#efg'
The created account is 'abc' only, truncated silently at '#'.
Version: 1.11.x
Severity: normal
robchur wrote:
Well, "#" is not a valid character in page titles, and the fragment is removed
when the username undergoes title normalisation. Not sure what's the best method
to handle this; perhaps we could do a basic check that the username entered is
the same (for some metric of "the same") as the result from said normalisation.
robchur wrote:
Added an explicit check in r22266. This won't affect existing accounts, because it's not possible to save a username into the database containing a hash; what this will do, however, is avoid confusion due to silent truncation of fragments during account creation.