GNOME Bugzilla – Bug 699940
Prevent whitespace-only account names
Last modified: 2013-05-17 14:35:00 UTC
These changes prevent users from creating an account with an "invisible" real name consisting solely of whitespace characters (spaces and tabs). Empty account names can cause confusion on the login screen, where only the user icon shows.
Created attachment 243603 [details] [review] [1/2] Dissallow whitespace-only names This ensures that names do not consist solely of whitespace characters when they are validated. An whitespace-only name is classed as invalid.
Created attachment 243604 [details] [review] [2/2] Validate real name on change This prevents users from setting an invalid real name for an account by editing the name widget on the user panel. This applies the same validation as is done during account creation by the add account dialog.
Created attachment 243718 [details] Screenshot showing whitespace-only account names In this screenshot of the accounts settings window, users `example[123]' each have unique though indistinguishable account names consisting of varying numbers of space characters. Since the login screen only shows the real name and not the system usernames, it is not possible to tell these users apart.
Review of attachment 243603 [details] [review]: ::: panels/user-accounts/um-utils.c @@ +477,3 @@ + /* Name cannot consist solely of whitespace */ + for (c = name; *c; c++) { + if (c != ' ' && c != '\t') { That's not a good enough test, IMO. It only checks for space and tabs, and doesn't block other UTF-8 "space" symbols. I'd use g_unichar_isspace() and co. to check it instead.
Review of attachment 243604 [details] [review]: That looks correct.
Created attachment 244313 [details] [review] v2: Dissallow whitespace-only names You're right, thanks. I wasn't aware of the g_unichar_* family. Attached is a more robust version.
Review of attachment 244313 [details] [review]: ::: panels/user-accounts/um-utils.c @@ +476,3 @@ + /* Name cannot consist solely of whitespace */ + for (c = name; *c; c++) { Right. You also need to use g_utf8_ functions to iterate over the characters, otherwise this will break with 2-byte and bigger characters. for (c =name; *c ; g_utf8_next_char(c))
Created attachment 244335 [details] [review] v3: Dissallow whitespace-only names Thanks for your patience. Getting there!
Review of attachment 244335 [details] [review]: ::: panels/user-accounts/um-utils.c @@ +481,1 @@ + unichar = g_utf8_get_char_validated (&name[i], -1); I doubt it compiles. Where's "i" defined?
Created attachment 244385 [details] [review] v3: Dissallow whitespace-only names Oops, git blooper. Submitted the wrong patch, here's the tested version.
Pushed, thanks for the patches!