
Sanitize user names on sql-sanitize. #6057

Open · wants to merge 2 commits into base 13.x
Conversation

@primsi primsi commented Jul 9, 2024

Fixes #4609

@weitzman weitzman (Member) commented Jul 9, 2024

Thanks! Ideally we add test coverage for this. We can probably add on to an existing test.

@andriokha andriokha (Contributor) left a comment

Thanks, hope it's ok I put down some thoughts.


// Updates usernames to the pattern user_%uid.
$query
->condition($uid_column, 0, '>')

That condition's already added further up.

Suggested change
->condition($uid_column, 0, '>')

// Updates usernames to the pattern user_%uid.
$query
->condition($uid_column, 0, '>')
->expression($name_column, "CONCAT('user_', $uid_column)");

Looking at the email code, it appears we'd need a different format for different DB drivers I think?

Comment on lines +89 to +91
[$name_table, $name_column] = $this->getFieldTableDetails('user', 'name');
[$uid_table, $uid_column] = $this->getFieldTableDetails('user', 'uid');
assert($uid_table === $name_table);

FWIW to my mind this clashes a little with the existing style where the table and column names have been hardcoded. Not sure if that means it's better to stick with the current style or update the others personally (:

If we do keep it, I think we need to catch any exceptions; we don't want to explode the sanitize command as a whole.
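The two review points above (the concatenation syntax differs between database drivers, and a failing step should be reported rather than abort the whole sanitize run) as an added, stand-alone example; this is not Drush's code, and the function names, the `users_field_data` table and the demo rows are assumed for the illustration:

```php
<?php
declare(strict_types=1);

// Added example, not Drush's code. Function names, the users_field_data
// table and the demo rows are assumed for the illustration.

/**
 * SQL expression yielding "user_<uid>" for the given driver. MySQL/MariaDB
 * have CONCAT(); PostgreSQL and SQLite concatenate with the || operator.
 * Only a fixed literal and a quoted column name go into the expression.
 */
function userNameExpression(string $driver, string $uidColumn): string {
  return match ($driver) {
    'mysql'  => "CONCAT('user_', `$uidColumn`)",
    'pgsql'  => "'user_' || \"$uidColumn\"::text",
    'sqlite' => "'user_' || \"$uidColumn\"",
    default  => throw new \InvalidArgumentException("Unsupported driver: $driver"),
  };
}

/**
 * Rewrite every real account's name to user_<uid>. uid 0 (anonymous) is
 * skipped. Returns NULL on success or a message to log on failure, so one
 * failing step cannot abort the rest of the sanitize run.
 */
function sanitizeUserNames(\PDO $db, string $driver, string $table,
                           string $nameColumn, string $uidColumn): ?string {
  try {
    $expr = userNameExpression($driver, $uidColumn);
    $sql = "UPDATE \"$table\" SET \"$nameColumn\" = $expr WHERE \"$uidColumn\" > 0";
    $db->exec($sql);
    return null;
  } catch (\Throwable $e) {
    return 'User name sanitization skipped: ' . $e->getMessage();
  }
}

// Constructed demo data in an in-memory SQLite database.
$db = new \PDO('sqlite::memory:');
$db->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users_field_data (uid INTEGER, name TEXT)');
$db->exec("INSERT INTO users_field_data VALUES (0, ''), (1, 'admin'), (42, 'alice')");
var_dump(sanitizeUserNames($db, 'sqlite', 'users_field_data', 'name', 'uid'));
foreach ($db->query('SELECT uid, name FROM users_field_data ORDER BY uid') as $row) {
  echo "{$row['uid']}\t{$row['name']}\n";
}
// An unsupported driver is reported instead of throwing out of the command.
echo sanitizeUserNames($db, 'oracle', 'users_field_data', 'name', 'uid'), "\n";
```

Needs the pdo_sqlite extension; a real implementation would take the driver from the site's database connection rather than a string argument.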

@MakerTim MakerTim (Contributor) commented Jan 3, 2025

At SWIS we have used this patch for 100% of our projects since 2024-10-07 without any issues.

Successfully merging this pull request may close these issues.

Sanitize user names on sql-sanitize
4 participants