Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
We had a report of a user who generated watchdog errors when attempting to log in, and mistakenly including a bracket in the username. The error was as follows:
Warning: preg_grep(): Compilation failed: missing terminating ] for character class at offset 109 in login_security_validate() (line 236 of /sites/all/modules/login_security/login_security.module).
On further investigation, it is clear the issue is in the preg_grep
call in Login Security. The $name
is not properly escaped, and will created an error if a single bracket (for example, "[") is entered in the username.
See the attached patch which should correct the issue. Thank you.
Comment | File | Size | Author |
---|---|---|---|
#2 | login_security-preg_grep_error-3143621-2.patch | 909 bytes | ron_s |
Comments
Comment #2
ron_s CreditAttribution: ron_s commentedHave also noticed it does not properly handle a forward slash when validating. Updated patch handles the issue, see attached.