|Title|EditGroup.jsp should allow '\' character in member list when using NTLM
|Date|12-Sep-2006 16:42:04 EEST
|Version|2.4.53
|Submitter|66.181.92.2
|[Bug criticality]|BadBug
|Browser version|IE 6.0
|[Bug status]|ClosedBug
|[PageProvider] used|versioningFileProvider
|Servlet Container|Tomcat 5.5
|Operating System|Windows XP
|URL|EditGroup.jsp
|Java version|1.5

I have two Wiki's running in a single Tomcat instance. Each Wiki is using NTLM authentication. There is a common groupdatabase.xml that is used by both Wiki's to store group information. Each Wiki has it's own Admin group that is defined in the groupdatabase.xml with it's own list of members.

When a user gets authenticated by the domain controller, the JSPWiki user principal is of the form DOMAIN\USER. The Wiki name is also stored as DOMAIN\USER. Since the users do not have Wiki profiles, there is no 'Full Name'.

If an Admin or group member tries to add new users of the form DOMAIN\USER to an existing group via the EditGroup.jsp page, they get an error saying:

Could not save group: Full name cannot contain these characters: "'<>;&@{}%$\

To get around this problem, you need to manually edit the groupdatabase.xml file and add the users of type DOMAIN\USER to the correct group. This is, of course, unacceptable since each Wiki Admin would need access to the groupdatabase.xml file directly.

It seems that the EditGroup.jsp should be more flexible and allow '\' characters considering users could be part of different domains.

If there is any workaround I could use, please let me know.

Thanks!

-- Avinash Gupta

----

XMLGroupDatabase was not doing proper XML escaping.  Therefore this was not working... Fixed in 2.4.82.

-- JanneJalkanen