Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Users are Able to Create Usernames >8 Characters
#1
THT Version: 1.2
Your THT installation URL: http://niftyhost.us/client
Browser (including version): Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729) - Build ID: 20100115144158
Your Operating System: Windows Vista with all the latest fixes
Server's Operating System: CENTOS 5.4 x86_64 virtuozzo
Apache Version: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Control Panel Type: WHM
Control Panel Version: WHM 11.25.0
Error: Makes it impossible to log in to cPanel if you're stupid.
Problem: On my installation of THT, users were able to create usernames with lengths of more than 8 characters. I've made a quick fix to this problem by applying a MAXLENGTH attribute to /include/tpl/orderform.tpl, but it's easy to bypass and it makes their account not work as expected.
#2
See:
http://thehostingtool.com/forum/thread-645.html
http://thehostingtool.com/forum/thread-498.html
Nelson - Retired TheHostingTool Developer
[Image: sleek.png]
#3
Oh gawd, sorry.
#4
I figured i would post here, since its the most recent topic for this event...

Can you release a patch for this NOW?
My server is getting 10+ registrations a day and over 1/2 of those run into this issue... It would save me a TON of time that im currently spending on tickets (which i cant delete..arg)... Or can 1.2.1 come out like today? Hehe... Please?
[Image: sig.png]
#5
(03-18-2010, 03:17 PM)zzbomb Wrote: I figured i would post here, since its the most recent topic for this event...

Can you release a patch for this NOW?
My server is getting 10+ registrations a day and over 1/2 of those run into this issue... It would save me a TON of time that im currently spending on tickets (which i cant delete..arg)... Or can 1.2.1 come out like today? Hehe... Please?

If all goes well, it could be this weekend. Wink
Kevin Mark - TheHostingTool Lead Developer
#6
<3 Kevin!
[Image: sig.png]
#7
(03-18-2010, 03:17 PM)zzbomb Wrote: I figured i would post here, since its the most recent topic for this event...

Can you release a patch for this NOW?
My server is getting 10+ registrations a day and over 1/2 of those run into this issue... It would save me a TON of time that im currently spending on tickets (which i cant delete..arg)... Or can 1.2.1 come out like today? Hehe... Please?

Includes slash templates or something has a file called orderform.tpl, add a maxlength attribute to the username field for a quick fix.
#8
Hmm yea i am just going to wait, should be any day now. And that wont tell people there is an issue until after they submit, will just be another weird error... Ill wait... Today 1.2.1 Hopefully!!!
[Image: sig.png]


Forum Jump:


Users browsing this thread: 1 Guest(s)