Jump to content

Small update request on login modules documentation


Recommended Posts

I read this: http://www.invisionpower.com/support/guides/_/advanced-and-developers/integration/login-modules-r42

The $password variable that is passed to this method has already been run through the IP.Board input cleansing routines, meaning certain characters have been replaced with HTML entities. If your external application does not do the same thing, this may mean passwords with special characters will fail if you do not account for this. The special characters that IP.Board will replace are:

  • to &#092 ; ( no space between 2 and ; )
  • ! to !
  • $ to $
  • & to &
  • " to "
  • < to &lt;
  • > to &gt;
  • ' to &#39;
You may wish to convert these characters back to their original form in the $password variable before sending it to your remote application for validation, if appropriate.

And I fell into the trap of writing my str_replace in the order the chars were mentioned.

And this may be extremely obvious (I might be the stupid one here...), but it took me quite a while to figure it out. I'm thinking that other developers possibly could fall into the trap aswell.

Causing input pw! to be converted into pw&amp;&#33;

So I think it would be a good idea to

1. Move & to &amp; at the top of the list

2. Add in a description that it's important it's the first replace done.

Link to comment
Share on other sites

  • 1 month later...


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...