Ignacio Dosil Lago writes:
Hi all, I wanted to add a new user to Zope, so I copied it's login name from a document and pasted it into the user add form. That login name included strange characters which I couldn't see. Now I can't remove that user!!
[..] If I understand the code in lib/python/AccessControl/User.py correctly there is no "valid id" check or the like for users. Wouldn't this make sense? As the user name has to be sent via an http-header to login as this user, maybe one could limit the allowed names to strings which may be send as valid http header. (I.e. creating a user with a ':' seems to be pointless, if using basic http-auth. Hm, but people using a Cookie-based login may argue differntly.) However so far I have not been able to create a user which I could not delete afterwards. It would be interesting to know what characters do trigger this issue ... Cheers, Clemens