Started by GL700Wing, September 12, 2021, 07:46:21 PM
Quote from: Aleksi "Lex" Kilpinen on September 13, 2021, 11:45:31 AM
Interesting, but similar things have popped up before as well. It's an old issue with how SMF checks (checked? Not sure if this has been addressed) for reserved usernames, that can't really be automatically fixed for existing accounts retroactively.
Quote from: Diego Andrés on September 14, 2021, 07:53:58 PM
Should we move it to the bugs board?
Quote from: Illori on September 15, 2021, 04:55:39 AM
  Quote from: Diego Andrés on September 14, 2021, 07:53:58 PM
  Should we move it to the bugs board?
I am not sure it is a big enough bug to be worth the devs' time to fix it. This has existed forever and very few have exploited it.
Quote from: Arantor on September 16, 2021, 11:07:10 AM
Because characters and bytes are not the same thing, and characters up past 0x7f are specially encoded and extra care needs to be taken. E.g. 0xA0 and U+00A0 are absolutely not the same thing. (Incidentally U+00A0 *is* on the excluded list.)
Quote from: asmith on September 17, 2021, 01:40:02 AM
This is another reason why you should never let your users change their display name.
Quote from: Chief of Nothing on September 16, 2021, 03:19:40 AM
Yep, it's definitely still possible to put 0x0F not only into the display name but also the real name upon registration as well. I do think we need to fix this, as putting non-graphic characters in the display name at least can be used for ill intent to impersonate others, if not just confusing for others.
Quote from: Arantor on September 17, 2021, 03:55:17 AM
Or you could allow it and let people have some additional security for free (Arantor is not my username)
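
Added example (not SMF's code and not written by anyone in this thread): a Python display-name check that works on decoded characters rather than bytes, rejects non-graphic characters such as the 0x0F mentioned above, and groups existing names that differ only by such characters so they can be reviewed by hand. The reserved-name list, the sample names and every function name are assumptions made for the illustration.

```python
import unicodedata

# Constructed sample data: reserved names an admin might configure (hypothetical).
RESERVED = {"admin", "arantor"}

# Unicode general categories with no visible glyph: control, format,
# unassigned, private use, surrogate, and the separator classes.
NON_GRAPHIC = {"Cc", "Cf", "Cn", "Co", "Cs", "Zl", "Zp", "Zs"}


def non_graphic_chars(name):
    """List 'U+XXXX' for each character without a glyph (plain space is allowed)."""
    return [f"U+{ord(ch):04X}" for ch in name
            if ch != " " and unicodedata.category(ch) in NON_GRAPHIC]


def skeleton(name):
    """Comparison key: NFKC-normalise, drop non-graphic characters, case-fold."""
    name = unicodedata.normalize("NFKC", name)
    kept = (ch for ch in name if unicodedata.category(ch) not in NON_GRAPHIC)
    return "".join(kept).casefold()


def check_display_name(raw):
    """Validate a submitted name given as bytes; returns (accepted, reason)."""
    try:
        # Decode first so every later test sees characters, not bytes:
        # the lone byte 0xA0 is invalid UTF-8, while U+00A0 arrives as C2 A0.
        name = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return False, "not valid UTF-8"
    bad = non_graphic_chars(name)
    if bad:
        return False, "non-graphic characters: " + ", ".join(bad)
    if skeleton(name) in RESERVED:
        return False, "reserved name"
    return True, "ok"


def colliding_names(existing):
    """Group existing names that share a skeleton, for manual review."""
    groups = {}
    for name in existing:
        groups.setdefault(skeleton(name), []).append(name)
    return [g for g in groups.values() if len(g) > 1]
```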