@tsteur opened this Issue on June 5th 2016 Owner

To reproduce enable setting:

[General] disable_checks_usernames_attributes = 1

Then create user eg with login rwer<§$4ä"34&'34;34

I couldn't delete that user afterwards and also it's not displayed correctly in the UI:

Tested with latest Piwik 2.16.1

I presume fixing it might not be easy as we would need to check all places where the login is used re possible xss if we output the login via {{ login|raw }} instead of {{ login }} currently

@sgiehl commented on September 10th 2017 Member

This issue does not fully exist anymore. While the login is still stored encoded in the database it is possible to remove it in 3.0.
We could try to use {{ login|rawSafeDecoded }} to fix the encoding in the UI, but imho the username shouldn't be stored encoded in the database.

@mattab commented on September 18th 2017 Owner

@sgiehl maybe you could close this issue (if the two issues of deleting + displaying) are fixed?

Powered by GitHub Issue Mirror