Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-8571

Users can make their age a negative number on memberlist

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.5
    • Fix Version/s: 3.0.10-RC1
    • Labels:
      None
    • Environment:
      PHP Environment: 5.2.9
      Database: 5.0.83

      Description

      It is possible to report your age as being -1, by selecting the current year, and any date between today and December 31.

        Activity

        Hide
        bantu Andreas Fischer added a comment -

        As I said, it wasn't fixed/changed. It was just a guess.

        Show
        bantu Andreas Fischer added a comment - As I said, it wasn't fixed/changed. It was just a guess.
        Hide
        A_Jelly_Doughnut A_Jelly_Doughnut added a comment -

        Is the same validate_date function used for custom profile fields? IIRC that is the reason why some kind of minimum is not implemented.

        Show
        A_Jelly_Doughnut A_Jelly_Doughnut added a comment - Is the same validate_date function used for custom profile fields? IIRC that is the reason why some kind of minimum is not implemented.
        Hide
        ToonArmy Chris Smith added a comment -

        As opposed to fixing this I sort of caused it by allowing birthdays in the same year r8807 for the reason I gave earlier. Adding a check would require language changes and such forth for a trivial thing in a trivial feature I really do not see the point.

        Show
        ToonArmy Chris Smith added a comment - As opposed to fixing this I sort of caused it by allowing birthdays in the same year r8807 for the reason I gave earlier. Adding a check would require language changes and such forth for a trivial thing in a trivial feature I really do not see the point.
        Hide
        narqelion narqelion [X] (Inactive) added a comment -

        ToonArmy wrote:"As opposed to fixing this I sort of caused it by allowing birthdays in the same year r8807 for the reason I gave earlier. Adding a check would require language changes and such forth for a trivial thing in a trivial feature I really do not see the point."

        I say since you broke it you fix it.

        Sorry sparky but the birthday field is the user birthday field, not a general multipurpose date field. As such it should have a reasonable lower and upper limit as should all data entry fields. If anybody wants to re-purpose the BD field to track other dates that is their problem and exactly what custom profile fields are designed to allow. Just because someone wants to use something the wrong way does not mean you should accommodate them with bad design. The fact that you provided the birthday field in the first place presumes that you think there are users who want to utilize that data, therefore you have an obligation to implement it in such a way that prevents unreasonable data from being entered. While it is true that you cannot enforce the correct data be entered, if I wanted to shave 10 years off my age I could, but I should not be allowed to set parameters outside the natural human lifespan.

        Of course the best solution would be to remove all system profile fields and allow them to be custom profile fields with the lower and upper thresholds definable by the board admin.

        Show
        narqelion narqelion [X] (Inactive) added a comment - ToonArmy wrote:"As opposed to fixing this I sort of caused it by allowing birthdays in the same year r8807 for the reason I gave earlier. Adding a check would require language changes and such forth for a trivial thing in a trivial feature I really do not see the point." I say since you broke it you fix it. Sorry sparky but the birthday field is the user birthday field, not a general multipurpose date field. As such it should have a reasonable lower and upper limit as should all data entry fields. If anybody wants to re-purpose the BD field to track other dates that is their problem and exactly what custom profile fields are designed to allow. Just because someone wants to use something the wrong way does not mean you should accommodate them with bad design. The fact that you provided the birthday field in the first place presumes that you think there are users who want to utilize that data, therefore you have an obligation to implement it in such a way that prevents unreasonable data from being entered. While it is true that you cannot enforce the correct data be entered, if I wanted to shave 10 years off my age I could, but I should not be allowed to set parameters outside the natural human lifespan. Of course the best solution would be to remove all system profile fields and allow them to be custom profile fields with the lower and upper thresholds definable by the board admin.
        Hide
        bantu Andreas Fischer added a comment -

        It is actually possible to make the age an arbitary negative number by sending the correct year in the future.

        Show
        bantu Andreas Fischer added a comment - It is actually possible to make the age an arbitary negative number by sending the correct year in the future.

          People

          • Assignee:
            bantu Andreas Fischer
            Reporter:
            sciguy sciguy [X] (Inactive)
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development