Fast edit - Bug when user names have . or _ in it

[Heart1010]

Hi,

we have some users in our db which have "." or "_" in the username. In that case the fast edit don't work anymore because if you're using strings as indices in the $_POST array, that periods are transformed into underscores and that way the

Code: Select all

 $pieces = explode('_', $key); 

(in calendar_inc.php) gets filled with wrong values.

So two options
1) change all the "sel_abs_<username>_<year>_<month>_<day>" values to another glue string
or
2) make sure no user can have "." or "_" (or a space) in the username (proof that on registration page for example but what to do with the existing users... hm)

[George]

Hi Heart1010
that's a great bug - or not so great depending on your point of view.

True: Usernames must not contain anything else than alphanumeric charcters for the tag ID s to work. And that is checked upon manual user creation but was not checked consistently, like in the registration page or during CSV import. My mistake. I have fixed those checks now.

I cannot replace the underscore with a different character since any other character might have been used during a registration process or CSV import and might still break the Fast Edit. Also, not all characters will validate against W3C when used in attributes.

I fixed all format checks now but I have to leave updating the "incorrect" usernames in existing installations to the administrator of those. An update script could change the values but takes control out of the admins hand in regards to informing the users that their username has changed. I will make a note fo that in the Upgradeinfo.txt file for the next release.

Thanks for spotting this.
Best regards,
George

[Heart1010]

Great you fixed it already.

I've used attached script to auto search/replace all "wrong" userid's with a correct one and informed the users per message/mail about their new userid.

Code: Select all

<?php  
  header("Content-Type: text/plain");

  $host = "localhost";
  $username = "dbuser";
  $password = "password";
  $database = "db277411111";
  $string_to_replace  = 'older_userid';   // change that to actual/wrong userid you have in your db
  $new_string = 'new_userid';  // change that to the new userid
  
  // Connect to database server
  mysql_connect($host, $username, $password);

  // Select database
  mysql_select_db($database);

  // List all tables in database
  $sql = "SHOW TABLES FROM ".$database;
  $tables_result = mysql_query($sql);

  if (!$tables_result) {
    echo "Database error, could not list tables\nMySQL error: " . mysql_error();
    exit;
  }

  echo "In these fields '$string_to_replace' have been replaced with '$new_string'\n\n";
  while ($table = mysql_fetch_row($tables_result)) {
    echo "Table: {$table[0]}\n";
    $fields_result = mysql_query("SHOW COLUMNS FROM ".$table[0]);
    if (!$fields_result) {
      echo 'Could not run query: ' . mysql_error();
      exit;
    }
    if (mysql_num_rows($fields_result) > 0) {
      while ($field = mysql_fetch_assoc($fields_result)) {
        if (stripos($field['Type'], "VARCHAR") !== false || stripos($field['Type'], "TEXT") !== false) {
          echo "  ".$field['Field']."\n";
          $sql = "UPDATE ".$table[0]." SET ".$field['Field']." = replace(".$field['Field'].", '$string_to_replace', '$new_string')";
          mysql_query($sql);
        }
      }
      echo "\n";
    }
  }

  mysql_free_result($tables_result);  
?>

[George]

Great!
Thanks for the script. It might be helpful for others running into the same issue.