Changeset 761
- Timestamp:
- 08/21/07 02:42:30
(11 months ago)
- Author:
- gnif
- Message:
Updated chk_pass function to allow non alphanumeric letters in passwords
Added code to strip slashes if gpc_magic_quotes_runtime is on
Removed escapeshellcmd from the add/edit email pages (why escape? its only going into a database, adodb will do this for us)
-
Files:
-
| r760 |
r761 |
|
| 5 | 5 | | - AWStats: | |
|---|
| 6 | 6 | | * gui: disable stats-alias in client menu | |
|---|
| 7 | | | * setup: complete SSL support | |
|---|
| 8 | 7 | \_________________________________________________________________/ |
|---|
| | 8 | |
|---|
| | 9 | 2007-08-21 Geoffrey McRae |
|---|
| | 10 | - GUI: |
|---|
| | 11 | * Updated chk_pass function to allow non alphanumeric letters in passwords |
|---|
| | 12 | * Added code to strip slashes if gpc_magic_quotes_runtime is on |
|---|
| | 13 | * Removed escapeshellcmd from the add/edit email pages (why escape? its only going into a database, adodb will do this for us) |
|---|
| 9 | 14 | |
|---|
| 10 | 15 | 2007-08-20 Geoffrey McRae |
|---|
| r743 |
r761 |
|
| 379 | 379 | function check_mail_acc_data(&$sql, $dmn_id, $dmn_name) { |
|---|
| 380 | 380 | if ($_POST['mail_type'] != 'forward') { |
|---|
| | 381 | /* |
|---|
| | 382 | (gnif) why escape it?, its not used in a shell command |
|---|
| | 383 | |
|---|
| 381 | 384 | $pass = escapeshellcmd($_POST['pass']); |
|---|
| 382 | 385 | $pass_rep = escapeshellcmd($_POST['pass_rep']); |
|---|
| | 386 | */ |
|---|
| | 387 | |
|---|
| | 388 | $pass = $_POST['pass']; |
|---|
| | 389 | $pass_rep = $_POST['pass_rep']; |
|---|
| 383 | 390 | } |
|---|
| 384 | 391 | |
|---|
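Review bot: Taking `$_POST['pass']` unmodified (new lines 388–389) is only safe if the statement that stores it binds the value as a parameter or quotes it with `qstr()`; ADOdb does not escape values concatenated into the SQL string, and that query lies outside this hunk of check_mail_acc_data. Dropping `escapeshellcmd` is reasonable because it was the wrong encoding for a database value, but if the password is later consumed by anything other than the database, it needs escaping for that context at the point of use. The old calls should be deleted rather than kept in a block comment, with a one-line replacement such as `// password is taken as submitted; quoting happens where the query is built`. The same points apply to the edit-page section (new lines 143–152).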
| r730 |
r761 |
|
| 141 | 141 | } |
|---|
| 142 | 142 | |
|---|
| | 143 | /* |
|---|
| | 144 | (gnif) Why escape it? |
|---|
| | 145 | its never going to be used in a shell command, |
|---|
| | 146 | this breaks non-alpha chars in passwords |
|---|
| | 147 | |
|---|
| 143 | 148 | $pass = escapeshellcmd($_POST['pass']); |
|---|
| 144 | 149 | $pass_rep = escapeshellcmd($_POST['pass_rep']); |
|---|
| | 150 | */ |
|---|
| | 151 | $pass = $_POST['pass']; |
|---|
| | 152 | $pass_rep = $_POST['pass_rep']; |
|---|
| | 153 | |
|---|
| 145 | 154 | $mail_id = $_GET['id']; |
|---|
| 146 | 155 | $mail_account = clean_input($_POST['mail_account']); |
|---|
| r747 |
r761 |
|
| 134 | 134 | |
|---|
| 135 | 135 | if ($cfg['PASSWD_STRONG']) |
|---|
| 136 | | return (bool)(preg_match("/[0-9]/", $password) AND preg_match("/[a-zA-Z]/", $password)); |
|---|
| | 136 | return (bool)(preg_match("/[0-9!@#$%^&*()_+\-=\[\]\\\\;',./{}|:\"<>?`~]/", $password) AND preg_match("/[a-zA-Z]/", $password)); |
|---|
| 137 | 137 | else |
|---|
| 138 | 138 | return TRUE; |
|---|
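Review bot: The new character class on line 136 contains an unescaped `/` (in `',./{}`), which is also the pattern delimiter. As displayed, PCRE ends the pattern there and reads the rest as modifiers, so `preg_match` warns and returns false, and chk_pass rejects every password when `PASSWD_STRONG` is set. Escaping the slash fixes it, or the symbol list can be avoided entirely: `return (bool)(preg_match('/[0-9[:punct:]]/', $password) AND preg_match('/[a-zA-Z]/', $password));`. The rule also changes from "must contain a digit" to "must contain a digit or a symbol", which deserves a comment above the check so the policy is explicit. The function starts before this hunk.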
| r739 |
r761 |
|
| 26 | 26 | if (!isset($_SESSION)) |
|---|
| 27 | 27 | session_start(); |
|---|
| | 28 | |
|---|
| | 29 | //Remove slashes from input, fixes un-expected behaviour with field inputs |
|---|
| | 30 | if (get_magic_quotes_gpc()) { |
|---|
| | 31 | $_REQUEST = array_map('stripslashes' , $_REQUEST ); |
|---|
| | 32 | $_GET = array_map('stripslashes' , $_GET ); |
|---|
| | 33 | $_POST = array_map('stripslashes' , $_POST ); |
|---|
| | 34 | $_COOKIE = array_map('stripslashes' , $_COOKIE ); |
|---|
| | 35 | $_FILES = array_map('stripslashes' , $_FILES ); |
|---|
| | 36 | } |
|---|
| 28 | 37 | |
|---|
| 29 | 38 | // Error handling and debug |
|---|
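Review bot: `array_map('stripslashes', ...)` on lines 31–35 only handles flat arrays of strings, but every `$_FILES` entry is itself an array (name, type, tmp_name, error, size), and any form field submitted as `name[]` arrives as a nested array in `$_POST`/`$_GET`/`$_REQUEST`. Those elements are passed to `stripslashes` as arrays and come back unusable, so uploads and array-valued fields break whenever magic quotes is on. A recursive helper applied to the four request arrays, with `$_FILES` left alone, avoids this. Any code that was relying on the added slashes as its SQL escaping loses that protection after this block runs, so query sites should be checked for explicit quoting or bound parameters.

```php
// Undo magic_quotes_gpc on a value of any nesting depth.
function strip_slashes_deep($value) {
    return is_array($value)
        ? array_map('strip_slashes_deep', $value)
        : stripslashes($value);
}

if (get_magic_quotes_gpc()) {
    $_REQUEST = strip_slashes_deep($_REQUEST);
    $_GET     = strip_slashes_deep($_GET);
    $_POST    = strip_slashes_deep($_POST);
    $_COOKIE  = strip_slashes_deep($_COOKIE);
    // $_FILES is not touched: its entries are arrays holding paths and integers
}
```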
|