Users URL does not strict match username slug
MacTwister opened this issue · 2 comments
Describe the bug
There seems to be some fuzzy matching on the slug on the user page. So the path /users/alberto.lastname shows content from /users/alberto.
To Reproduce
Steps to reproduce the behaviour:
- I had deleted a user from admin side.
- Went to verify through user view user deleted, and got show a user page (took a few seconds to realizes was a different user)
Expected behaviour
I think this should be a strict fail/404, because if you type a URL, you expect the content to match exactly.
Agree!
In addition I also read that Rails treats everything after a dot as a file type, like some.html, some.csv or some.json etc.
So we should definitely not allow dots in slugs, and if I recall, it should not be possible with the friendly_id gem
Aah, true, now that you say that, I actually manually typed their username into the address bar.
If I now go to "backstage" and open a random user in the list, I know to have a dot in the username, the URL contains a - dash instead of a dot. So I guess it's only an issue if people paste usernames into the URL to quickly view, like I did. :)
So maybe not an issue.