aces / Loris

LORIS is a web-accessible database solution for longitudinal multi-site studies.
GNU General Public License v3.0

[examiner] Special characters in examiner names should not be allowed #7965

Open ridz1208 opened 2 years ago

ridz1208 commented 2 years ago

Describe the bug

Special characters should not be allowed in examiner names. Special characters get escaped when saved in the database and cause an error when associating examiners with sites.

NOTE: It is "normal" that an error is thrown because when the examiner name contains special characters, it is escaped on the way to the DB and thus cannot be searched for to associate with sites in the examiner_psc_rel table. (Long story short, the error is normal, there is just no reason for special characters here.)

To Reproduce

Steps to reproduce the behavior (attach screenshots if applicable):

  1. Go to the examiner module.
  2. Add an examiner with the name test" &string <with> characters
  3. Notice the error.

ridz1208 commented 1 year ago

@KLaFleur can you add a validator to make sure the characters "&<> are not accepted on submission?
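
The mismatch described in this issue and the requested check, as an added example that is not LORIS code. It assumes `htmlspecialchars` stands in for the escaping step and an in-memory array stands in for the examiners table; all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the examiners table: id => stored full name.
$examiners = [];

/** Store a name the way the issue describes: escaped on the way to the DB. */
function saveExaminer(array &$table, string $name): int
{
    $id = count($table) + 1;
    // Assumption: HTML-style escaping; the real escaping routine may differ.
    $table[$id] = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    return $id;
}

/** Look the examiner up by the raw submitted name (the site-association step). */
function findExaminerId(array $table, string $name): ?int
{
    $id = array_search($name, $table, true);
    return $id === false ? null : $id;
}

/** Hypothetical validator: reject the characters named in the request (" & < >). */
function validateExaminerName(string $name): array
{
    $name = trim($name);
    if ($name === '') {
        return [false, 'Examiner name is required.'];
    }
    if (preg_match('/["&<>]/', $name, $m) === 1) {
        return [false, "Character {$m[0]} is not allowed in examiner names."];
    }
    return [true, ''];
}

// Without validation: the stored value no longer equals the submitted one,
// so the follow-up lookup finds nothing and the association step fails.
$submitted = 'test" &string <with> characters'; // name from the reproduction steps
$id = saveExaminer($examiners, $submitted);
var_dump($examiners[$id] === $submitted);
var_dump(findExaminerId($examiners, $submitted));

// With validation: the same name is refused before it is written.
foreach (['Jane Doe', $submitted] as $name) {
    [$ok, $error] = validateExaminerName($name);
    echo $ok ? "accepted: $name\n" : "rejected: $error\n";
}
```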