Details
-
Bug
-
Status: Open (View Workflow)
-
Minor
-
Resolution: Unresolved
-
3.2.1, 3.2.2, 3.2.8
-
None
-
None
-
Does not depend on environment.
Description
While working with phpBB I noticed the function utf8_clean_string and what it is supposed to do, i.e. avoid usernames that look similar or even identical but are different (by using "look alike characters")
Anyway, first, there is this replacement: 'ǃ'=>'!'
Later, there is this replacement: '!'=>'ǃ'
One of them is an exclamation mark, the other is LATIN LETTER RETROFLEX CLICK. Depending on the font, you may see a difference between the two or not.
It means the replacement is A => B and B => A which does not make much sense, because a username containing A will be cleaned to B and vice versa.
Other characters don't have this problem, for example all kind of question marks are replaced by the character ʔ (LATIN LETTER GLOTTAL STOP).
But what's the point of the replacement rules for the exclamation mark?
By using these rules, the usernames "testǃ" and "test!" are different usernames for phpBB.
But the usernames "test?" and "testʔ" are the same for phpBB and thus prohibited.