Hi there Amir,

First of all I'd like to say that the AJAX Registration component is really nice, and so far it has been a great purchase.

However, I haven't read anywhere about its protection against SQL/PHP injections. I noticed that the AJAX verification for username currently accepts characters such as SPACE or special characters like " '$ * @ , . { [ } ] : / \ | + = - ! ? ^ and latin characters such as áãâàçñ etc...

I understand these characters might not influence direct injections, however they can bring conflicts and issues on further extensions that might want to use the user details. Currently, I can register a username as 'blank+blank+blank' or even '?!^'.

Would there be a way (hack) to limit these characters at least in the username field? Or perhaps just add a preg_replace somehwere?

Many thanks!!

Cheers,

Luiz

Hi Saka, and thanks for your quick reply!

Would you suggest any specific place in the AJAX Registration files where we could try to modify it ourselves to implement this?

Thanks once again,

Luiz

Thanks a lot, Emir!

 


Luiz