Posted by archard-gdo on February 10, 2008 at 2:29am
It just occurred to me that there may be an issue if someone tries to register the username "phpbb" (or whatever the superuser for phpBB is), because registrations are handled through Drupal. Surely it'd work for Drupal but when the module tries to create a duplicate account for phpBB I'm sure there would be some problem. I haven't tested it out yet though, so maybe there's already a fix for this.
Comments
Won't be able to do any damage, but should be handled more gracefully. Thanks.
Username clean has a unique index, which will prevent the user from being inserted into phpBB, and they will therefore not be able to exploit the bypass. Session creation etc. from Drupal only uses uid.
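The behaviour discussed in this thread, as an added example that is not part of the original posts or the module's code: a unique index on the cleaned username blocks the duplicate phpBB row, and wrapping both inserts in one transaction turns that failure into a clean rejection. It assumes simplified table layouts in a single SQLite database, and `clean()` is a hypothetical stand-in for phpBB's username normalisation.

```python
import sqlite3

def clean(name):
    # Hypothetical stand-in for phpBB's username cleaning (assumption):
    # case-fold and collapse whitespace so look-alike names compare equal.
    return " ".join(name.casefold().split())

def make_db():
    # Constructed sample schema: one table per system, plus an existing
    # phpBB account named "phpBB" as in the original question.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE drupal_users (uid INTEGER PRIMARY KEY, name TEXT UNIQUE);
        CREATE TABLE phpbb_users (user_id INTEGER PRIMARY KEY,
                                  username TEXT, username_clean TEXT);
        CREATE UNIQUE INDEX idx_username_clean
            ON phpbb_users (username_clean);
        INSERT INTO phpbb_users (username, username_clean)
            VALUES ('phpBB', 'phpbb');
    """)
    return db

def register(db, name):
    """Create the Drupal account and its phpBB mirror as one unit."""
    try:
        with db:  # single transaction: commit on success, roll back on error
            db.execute("INSERT INTO drupal_users (name) VALUES (?)", (name,))
            db.execute(
                "INSERT INTO phpbb_users (username, username_clean) "
                "VALUES (?, ?)", (name, clean(name)))
    except sqlite3.IntegrityError:
        # The unique index refused the row; the Drupal insert above was
        # rolled back too, so no half-created account is left behind.
        return "rejected"
    return "created"

def row_counts(db):
    d = db.execute("SELECT COUNT(*) FROM drupal_users").fetchone()[0]
    p = db.execute("SELECT COUNT(*) FROM phpbb_users").fetchone()[0]
    return d, p

if __name__ == "__main__":
    db = make_db()
    for candidate in ("PHPBB ", "alice", "Alice"):
        print(repr(candidate), register(db, candidate), row_counts(db))
```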