vcl-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jftho...@apache.org
Subject svn commit: r1797794 - /vcl/trunk/web/.ht-inc/addomain.php
Date Tue, 06 Jun 2017 15:05:47 GMT
Author: jfthomps
Date: Tue Jun  6 15:05:47 2017
New Revision: 1797794

URL: http://svn.apache.org/viewvc?rev=1797794&view=rev
Log:
VCL-1045 - Method of encrypting sensitive database entries

addomain.php: modified validateResourceData: changed to get $return['password'] and $return['password2']
directly from $_POST instead of calling processInputVar so that special characters are not
removed

Modified:
    vcl/trunk/web/.ht-inc/addomain.php

Modified: vcl/trunk/web/.ht-inc/addomain.php
URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/addomain.php?rev=1797794&r1=1797793&r2=1797794&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/addomain.php (original)
+++ vcl/trunk/web/.ht-inc/addomain.php Tue Jun  6 15:05:47 2017
@@ -492,8 +492,8 @@ class ADdomain extends Resource {
 		$return["owner"] = processInputVar("owner", ARG_STRING, "{$user["unityid"]}@{$user['affiliation']}");
 		$return["domaindnsname"] = processInputVar("domaindnsname", ARG_STRING);
 		$return["username"] = processInputVar("username", ARG_STRING);
-		$return["password"] = processInputVar("password", ARG_STRING);
-		$return["password2"] = processInputVar("password2", ARG_STRING);
+		$return["password"] = $_POST['password'];
+		$return["password2"] = $_POST['password2'];
 		$return["dnsservers"] = processInputVar("dnsservers", ARG_STRING);
 
 		if(! preg_match("/^([A-Za-z0-9-!@#$%^&\*\(\)_=\+\[\]{}\\\|:;,\.\/\?~` ]){2,30}$/",
$return['name'])) {
@@ -523,7 +523,8 @@ class ADdomain extends Resource {
 			$errormsg[] = i("Username cannot contain single (') or double (") quotes, less
than (<), or greater than (>) and can be from 2 to 64 characters long");
 		}
 
-		if(! preg_match('/^.{4,256}$/', $return['password']) &&
+		$passlen = strlen($return['password']);
+		if(($passlen < 4 || $passlen > 256) &&
 		   ($add || ! (empty($return['password']) && empty($return['password2'])))) {
 			$return['error'] = 1;
 			$errormsg[] = i("Password must be at least 4 characters long");



Mime
View raw message