Changeset 761 for branches/ssl-addon

Timestamp:
08/21/07 02:42:30 (16 months ago)
Author:
gnif
Message:

Updated chk_pass function to allow non alphanumeric letters in passwords
Added code to strip slashes if gpc_magic_quotes_runtime is on
Removed escapeshellcmd from the add/edit email pages (why escape? its only going into a database, adodb will do this for us)

Location:
branches/ssl-addon/trunk
Files:
5 modified

  • branches/ssl-addon/trunk/CHANGELOG

    r760 r761  
    55|         - AWStats:                                              | 
    66|               * gui: disable stats-alias in client menu         | 
    7 |               * setup: complete SSL support                     | 
    87\_________________________________________________________________/ 
     8 
     92007-08-21 Geoffrey McRae 
     10    - GUI: 
     11        * Updated chk_pass function to allow non alphanumeric letters in passwords 
     12        * Added code to strip slashes if gpc_magic_quotes_runtime is on 
     13        * Removed escapeshellcmd from the add/edit email pages (why escape? its only going into a database, adodb will do this for us)   
    914 
    10152007-08-20 Geoffrey McRae 
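--- a/branches/ssl-addon/trunk/gui/client/add_mail_acc.php
+++ b/branches/ssl-addon/trunk/gui/client/add_mail_acc.php
@@ -379,6 +379,13 @@
 function check_mail_acc_data(&$sql, $dmn_id, $dmn_name) {
     if ($_POST['mail_type'] != 'forward') {
+        /*
+        (gnif) why escape it?, its not used in a shell command
+
         $pass = escapeshellcmd($_POST['pass']);
         $pass_rep = escapeshellcmd($_POST['pass_rep']);
+        */
+
+        $pass           = $_POST['pass'];
+        $pass_rep       = $_POST['pass_rep'];
     }
 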
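Review bot: The raw `$_POST['pass']` and `$_POST['pass_rep']` values assigned on new lines 388-389 are only safe if the code that stores them passes them as bound parameters (or through the database layer's quoting) instead of splicing them into SQL text. That code lies outside this hunk, since check_mail_acc_data continues past it, so it should be confirmed rather than assumed from the commit message. Dropping escapeshellcmd() is reasonable in itself: it is shell escaping, not SQL escaping, and it altered the password. The old calls should be deleted rather than parked inside a `/* … */` block, with the rationale kept as one line such as `// not shell input; stored via the DB layer, so no shell escaping`. The same points apply to the identical change in gui/client/edit_mail_acc.php.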
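--- a/branches/ssl-addon/trunk/gui/client/edit_mail_acc.php
+++ b/branches/ssl-addon/trunk/gui/client/edit_mail_acc.php
@@ -141,6 +141,15 @@
   }
 
+/*
+  (gnif) Why escape it?
+  its never going to be used in a shell command,
+  this breaks non-alpha chars in passwords
+
   $pass = escapeshellcmd($_POST['pass']);
   $pass_rep = escapeshellcmd($_POST['pass_rep']);
+*/
+  $pass         = $_POST['pass'];
+  $pass_rep     = $_POST['pass_rep'];
+
   $mail_id = $_GET['id'];
   $mail_account = clean_input($_POST['mail_account']);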
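--- a/branches/ssl-addon/trunk/gui/include/input-checks.php
+++ b/branches/ssl-addon/trunk/gui/include/input-checks.php
@@ -134,5 +134,5 @@
 
     if ($cfg['PASSWD_STRONG'])
-        return (bool)(preg_match("/[0-9]/", $password) AND preg_match("/[a-zA-Z]/", $password));
+        return (bool)(preg_match("/[0-9!@#$%^&*()_+\-=\[\]\\\\;',./{}|:\"<>?`~]/", $password) AND preg_match("/[a-zA-Z]/", $password));
     else
         return TRUE;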
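Review bot: The character class on the added `return` line contains an unescaped `/` while `/` is also the pattern delimiter, and PHP ends the pattern at the first unescaped delimiter. The first `preg_match()` therefore most likely fails with an "Unknown modifier" warning and returns false, so with `PASSWD_STRONG` set the check would reject every password. Writing the slash as `\/` inside the class fixes it, and a single-quoted pattern would also remove the need for the `\\\\` and `\"` escapes. The enclosing function starts above this hunk, so any other checks it performs are not visible here.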
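--- a/branches/ssl-addon/trunk/gui/include/ispcp-lib.php
+++ b/branches/ssl-addon/trunk/gui/include/ispcp-lib.php
@@ -26,4 +26,13 @@
 if (!isset($_SESSION))
         session_start();
+
+//Remove slashes from input, fixes un-expected behaviour with field inputs
+if (get_magic_quotes_gpc()) {
+        $_REQUEST       = array_map('stripslashes'      , $_REQUEST     );
+        $_GET           = array_map('stripslashes'      , $_GET         );
+        $_POST          = array_map('stripslashes'      , $_POST        );
+        $_COOKIE        = array_map('stripslashes'      , $_COOKIE      );
+        $_FILES         = array_map('stripslashes'      , $_FILES       );
+}
 
 // Error handling and debug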
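Review bot: `array_map('stripslashes', …)` in the added block only handles flat arrays of strings. A nested request value (a `name[]` form field) is handed to stripslashes() as an array, and every entry of `$_FILES` is itself an array, so upload metadata is likely mangled whenever magic_quotes_gpc is on. A recursive helper that descends into arrays, with `$_FILES` left out of the blanket pass, avoids that. Once the slashes are stripped, any query elsewhere that relied on magic quotes as its only escaping needs bound parameters or explicit quoting; that code is not visible in this hunk.

```php
// Recursively undo magic_quotes_gpc; request values may be nested arrays (e.g. name[] fields).
function strip_gpc_slashes($value) {
        return is_array($value)
                ? array_map('strip_gpc_slashes', $value)
                : stripslashes($value);
}

if (get_magic_quotes_gpc()) {
        $_REQUEST = strip_gpc_slashes($_REQUEST);
        $_GET     = strip_gpc_slashes($_GET);
        $_POST    = strip_gpc_slashes($_POST);
        $_COOKIE  = strip_gpc_slashes($_COOKIE);
        // $_FILES is not mapped: its entries are arrays holding tmp_name, error and size.
}
```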