I've tried many filters, but I can't seem to figure this one out. Something like this should do the trick, but no matter what I've tried, users can still include special characters in their username.
Here's the thing. This works as expected when using the standard Wordpress Registration. But with Woocommerce registration, this does not work! :(
//add a filter to invalidate a username with spaces,special characters, capital letter, dot
add_filter('validate_username','restrict_space_in_username',10,2);
function restrict_space_in_username($valid,$user_name){
//check if there is an space
if ( preg_match('/\s[!##$%^&*()+=\-\[\]\';,.\/{}|":<>?~\\\\][A-Z](.)/',$user_name) )
return false;//if myes, then we say it is an error
return $valid;//otherwise return the actual validity
}
Related
I'm using ASP.NET and am looking to redirect users to a page that includes an easily human readable URL. Every method I've tried takes in the URL and encodes it.
Since none of the parameters are taken in to the page or processed in any way, I don't believe there's any security concerns with turning the %20 into a space. If there is an IIS rule this would work on, I would be fine to turn off encoding on this one page, but I can't turn it off for the whole page as this is a special use case.
I've already tried having Response.Redirect and Server.Transfer, and I cannot use Literals as putting the query into the page somewhere could allow an XSS vulnerability.
Expected:
example.com/test?message=Hello World
Actual:
example.com/test?message=Hello%20World
Edit For More Clarity:
<script>
console.log(window.location.pathname + window.location.search);
function replaceAll(str, find, replace) {
return str.replace(new RegExp(find, 'g'), replace);
}
console.log(window.location.pathname + replaceAll(window.location.search, '%20', ' '));
window.history.pushState(window.location.search, "Title", window.location.pathname + replaceAll(window.location.search, '%20', ' '));
</script>
This will write the current URL to the console, then the URL I'd like to see, but then the pushState does not actually update the URL to one without the encoding - it automatically re-encodes it.
I understand this may be impossible, but if someone could explain why then I will at least be able to stop trying so hard to find a solution.
As per Brando Zhang's comment this appears impossible.
i made a website and i want to send mail to user.
i use url routing and if i use like this
localhost:1186/activate/johndoe#john.doe.com
i got iis server error because of dot signs. but if i don't use like this i can not get this email address from browser fully.
i want that special chars in this email address must convert to html entities .
# sign .(dot) sign and all of it .
i want use it but not work
string email = "johndoe#john.doe.com";
string nemail = HttpUtility.UrlEncode(email);
it returns like
johndoe%40john.doe.com
but it must return like this
johndoe%40john(dotsignconvertedchars)doecom
not convert to dot signs ...
help me
i think after urlencodeing why dont you replace all dots with what ever you want for eg
nemail.Replace(".","(dot)");
which would give you johndoe%40john(dot)com
then after reciving it replace back
nemail=nemail.Replace("(dot)",".");
nemail=HttpUtility.UrlDecode(nemail);
Can anyone tell me how to remove unwanted characters from username field.
ex: i:0#.w|abcventures\sreekiran.k I need to remove the characters which are generated before abcventures\sreekiran.k.
I have used translate() to eliminate those characters, but, it is removing i & w characters also, from the username.
To expand on the current answers, I think they meant to use substring-after(). This will do the trick:
substring-after(userName(), "i:0#.w|")
To expand on Mekalikot's answer -
substring-before(userName(), "i:0#.w|")
Will return just the string after the "i:0#.w|" from the user name function. If the user name function does not include that string, however, the formula will return nothing. Since you'll get a different value from the user name function in preview vs. the browser, you'll probably need to test this with the published form.
Use substring-before to remove those characters.
I am working on a URL filtering project . I have a database given to me which contain URLs need to be blocked (eg: a.b.com/d/e).
I get uri and domain from http request. I compare what I get with my database and redirect users without any problem. So far so good.
Problems starts with urls that contains query string and other magics with URL. As an example if user enters a.b.com/d/e?junk. What I get won't match with my database, and users will bypass my filter and they will still be able to go a.b.com/d/e.
I tried some useless actions like slicing everything after special chars like "?,#". But having problems with url like : youtube.com/watch?v=12vh55_1ul8, which becames like youtube.com/watch and blocks all youtube. That solution causes me more problems.
Now I am very confused how to handle this problem. Is there any guide or any library which I can use in C++ ?
Try this code:
string str (get_requsted_uri());
string str2 ("http://getaroundfilters.com/article/889/proxy");
if (str.find(str2) != string::npos) {
block();
} else {
get_and_return_webpage(str);
}
I've read the reference of this function on Wordpress but i still don't understand what this function really does.
I'm reading a tutorial about creating a meta box in wordpress and I have this code inside the function which saves the data:
if ( !wp_verify_nonce( $_POST[$meta_box['name'].'_noncename'], plugin_basename(__FILE__) )) {
return $post_id;
}
Can someone explain briefly what is the meaning of wp_verify_nonce() ?
The nonce is a 'number used once' - a code that WP uses to make sure that POST data is coming from a safe place. This is useful to make sure that your plugin does not end up digesting data from an unsafe source (see Cross-Site Request Forgery).
This blog post by Mark Jaquith is useful for understanding them.
[nonces] are unique to the WordPress install, to the WordPress user, to the action, to the object of the action, and to the time of the action (24 hour window). That means that if any of these things changes, the nonce is invalid. So if you (somehow) intercept a nonce being used by me, you would, first of all, only have 24 hours to use this key to attempt to trick me.
To create a nonce you must give wp_create_nonce a certain string, providing the 'context' for the nonce. It gives you back a string - the nonce itself. You then include this nonce as part of your POST request. The receiving page should then create a nonce of its own, using the same context, and see if they match up.
In this case, the context given is plugin_basename(__FILE__). This will generate the same string whenever it is called from within the same plugin (see here).
When your wp_verify_nonce recieves a nonce created under the same circumstances as specified by Mark, with the same context string, it returns true.
In short:
!wp_verify_nonce
returns true if wp_verify_nonce returns false.
($_POST[$meta_box['name'].'_noncename'],
First argument to wp_verify_nonce: the nonce to check. This code gets the nonce out of the post request, stored in the $_POST global.
plugin_basename(__FILE__) )
Second argument to wp_verify_nonce: the context for generating the new nonce against which the first will be checked.
{ return $post_id; }
If the nonce doesn't match, stop executing the current function, returning the variable $post_id.