- Affected version
- 2.2.5
A username with a length of 1 character is not mentionable as the regex either extracts an additional space or just misses it.
Given the message;
XF will generate the query;
A username with length of 1 also fails to be extracted if it is the last bit of text in the message;
Given the message;
The default configuration for a minimum username length of 3, which will thankfully migrate this for most sites
Given the message;
@a @a @cc
XF will generate the query;
SQL:
SELECT user.user_id, user.username,
IF(user.username LIKE 'a %', 1, 0) AS match_0,
IF(user.username LIKE 'a %', 1, 0) AS match_1,
IF(user.username LIKE 'cc%', 1, 0) AS match_2
FROM xf_user AS user
WHERE (user.username LIKE 'a %' OR user.username LIKE 'b %' OR user.username LIKE 'cc%')
ORDER BY LENGTH(user.username) DESC
A username with length of 1 also fails to be extracted if it is the last bit of text in the message;
Given the message;
@a @a @c
SQL:
SELECT user.user_id, user.username,
IF(user.username LIKE 'a %', 1, 0) AS match_0,
IF(user.username LIKE 'a %', 1, 0) AS match_1,
FROM xf_user AS user
WHERE (user.username LIKE 'a %' OR user.username LIKE 'b %')
ORDER BY LENGTH(user.username) DESC
The default configuration for a minimum username length of 3, which will thankfully migrate this for most sites