I have been researching this issue for some days now.
These are my observations
1. A user can create an account with an emoji character
2. After registration, Q2A/PQA is able to successfully create a user for the emoji character but emoji character used as a user name is converted to an empty space " ". Because of this, the user is not linked to his profile sice you cannot link an empty space character.
3. Q2A/PQA counts the user as on the users page but does not link the user to a profile (see screenshot below) - The profile name is an empty space " " 4. Because profile is not linked to username assigned to the user (empty space), the user is seen as anonymous. (see screenshot)
5. You can create a user with symbols like the dollar sign but these sybols are properly escaped so they are treated as nomal users (Refer to the above screenshot for users with names = $ symbol)
6. To delete such a user, one must do so directly from the database.
Analyzing the pqa_users table shows that emoji characters are converted to empty spaces by pqa/q2a
For some reason,
Q2A/PQA converts emoji characters to an empty space " " hence it is unable to link the empty space username to the users profile since it is not possble to link a space. (There is nothing to anchor)
1.We can ban users from registering with all emoji characters
2. We can escape or convert such characters correctly so that q2a/pqa can treat them as normal symbols
Now what we need is decide how we deal with this issue.
This issue is important for sucurity reasons.
Thank you Steven for this find