418 Zero-width spaces allowed in usernames MyBB allows you to copy another users name and put a zero-width space somewhere in it. To a human it looks exactly the same, which can be used to create problems 2009-08-20 100 Always 1.4.8 Thu Aug 20 15:03:35 -0500 2009 Mon Sep 21 01:21:43 -0500 2009

Corresponding thread: http://community.mybboard.net/thread-54822.html

Applied in changeset r4441.

This fix is working but incomplete. In xmlhttp.php find: <pre> $username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237)), array(" ", "-", "", "", ""), $username); </pre> Replace with: <pre> $username = str_replace(array(unicode_chr(160), unicode_chr(173), unicode_chr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username); </pre>

Applied in changeset r4446