[dokuwiki] auth backend: user filters
- From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Mon, 27 Feb 2006 22:40:54 +0100
Hi Matthias and Chris and *!
I'm working on the pgsql backend and have some questions on the filters
used to restrict the displayed users in the user manager.
Am I right that the filters are taken in the usermanager without any
validation and given as-is to getUserCount()?
So the auth backend needs to sanitize those filters to make sure no bad
characters are slipped in?
Chris, you changed _constructPattern() in the plain backend to allow
regexps, correct? So I can use regexps to find users when using the
plain backend?
Matthias, you use the following in _createSQLFilter() of the mysql
backend:
$tmp=addslashes('%'.mysql_real_escape_string($pattern,$this->dbcon).'%');
Two questions on that:
Why addslashes and mysql_real_escape_string? Shouldn't one of them be
enough?
Am I right you're allowing SQL wildcards like _ and %?
General questions:
Should backends allow such an extended matching?
Shouldn't we better use simple (DOS-Style) globbing using '*' and '?'
which then is translated to regexps or SQL like syntax by the backend?
Andi
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
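
The message's closing question proposes '*' and '?' globbing that each backend translates to regex or SQL LIKE syntax. As an added example (not DokuWiki code and not part of the mail), the PHP below shows one way to do that translation so that SQL wildcards and regex metacharacters typed into the filter stay literal. The function names, the '!' escape character, the sample data and the table/column names in the closing comment are assumptions.

```php
<?php
// Added example: globToLike() and globToRegex() are hypothetical names,
// not DokuWiki functions.

// '*'/'?' glob -> LIKE pattern. '%', '_' and the escape character typed by
// the user are escaped so they match literally. strtr() with an array makes
// a single pass, so replacement output is never re-scanned.
function globToLike(string $glob, string $esc = '!'): string
{
    return strtr($glob, [
        $esc => $esc . $esc,
        '%'  => $esc . '%',
        '_'  => $esc . '_',
        '*'  => '%',
        '?'  => '_',
    ]);
}

// '*'/'?' glob -> anchored regex. preg_quote() neutralises every regex
// metacharacter first; only the quoted forms of '*' and '?' are reopened.
function globToRegex(string $glob): string
{
    $body = strtr(preg_quote($glob, '/'), [
        '\\\\' => '\\\\',  // keep an escaped literal backslash as one unit
        '\\*'  => '.*',
        '\\?'  => '.',
    ]);
    return '/^' . $body . '$/u';
}

// Constructed sample data and filter inputs.
$users = ['andi', 'a_ndi', 'chris', '100%real', 'matthias'];
foreach (['a*', 'a_*', '100%*', '?hris', '.*'] as $glob) {
    $hits = preg_grep(globToRegex($glob), $users);
    printf("%-6s LIKE '%s'  regex %s  => %s\n",
        $glob, globToLike($glob), globToRegex($glob), implode(',', $hits));
}

// In an SQL backend the pattern is bound, never concatenated (PDO and the
// table/column names are assumptions):
//   $st = $pdo->prepare("SELECT COUNT(*) FROM users WHERE login LIKE ? ESCAPE '!'");
//   $st->execute([globToLike($filter)]);
```

With the filter `a_*`, only `a_ndi` matches, because the underscore is escaped instead of acting as a single-character wildcard.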
- Follow-Ups:
- [dokuwiki] Re: auth backend: user filters
- From: Chris Smith