Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted February 25, 201311 yr I read this: http://www.invisionpower.com/support/guides/_/advanced-and-developers/integration/login-modules-r42 The $password variable that is passed to this method has already been run through the IP.Board input cleansing routines, meaning certain characters have been replaced with HTML entities. If your external application does not do the same thing, this may mean passwords with special characters will fail if you do not account for this. The special characters that IP.Board will replace are: to \ ; ( no space between 2 and ; ) ! to ! $ to $ & to & " to " < to < > to > ' to ' You may wish to convert these characters back to their original form in the $password variable before sending it to your remote application for validation, if appropriate. And I fell into the trap of writing my str_replace in the order the chars were mentioned. And this may be extremely obvious (I might be the stupid one here...), but it took me quite a while to figure it out. I'm thinking that other developers possibly could fall into the trap aswell. Causing input pw! to be converted into pw&! So I think it would be a good idea to 1. Move & to & at the top of the list 2. Add in a description that it's important it's the first replace done.
April 22, 201311 yr Not only the $password field are encoded with HTML entities, also $username. Maybe also $email_address? Specify it in the documentation.
April 23, 201311 yr Email address is, however the characters we encode are largely not valid (or at least commonly used) in email addresses anyways. Nevertheless, I've updated the doc again to indicate this.
Archived
This topic is now archived and is closed to further replies.