Posted to commits@vcl.apache.org by jf...@apache.org on 2017/06/06 15:05:47 UTC
svn commit: r1797794 - /vcl/trunk/web/.ht-inc/addomain.php
Author: jfthomps
Date: Tue Jun 6 15:05:47 2017
New Revision: 1797794
URL: http://svn.apache.org/viewvc?rev=1797794&view=rev
Log:
VCL-1045 - Method of encrypting sensitive database entries
addomain.php: modified validateResourceData: changed to get $return['password'] and $return['password2'] directly from $_POST instead of calling processInputVar so that special characters are not removed
Modified:
vcl/trunk/web/.ht-inc/addomain.php
Modified: vcl/trunk/web/.ht-inc/addomain.php
URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/addomain.php?rev=1797794&r1=1797793&r2=1797794&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/addomain.php (original)
+++ vcl/trunk/web/.ht-inc/addomain.php Tue Jun 6 15:05:47 2017
@@ -492,8 +492,8 @@ class ADdomain extends Resource {
$return["owner"] = processInputVar("owner", ARG_STRING, "{$user["unityid"]}@{$user['affiliation']}");
$return["domaindnsname"] = processInputVar("domaindnsname", ARG_STRING);
$return["username"] = processInputVar("username", ARG_STRING);
- $return["password"] = processInputVar("password", ARG_STRING);
- $return["password2"] = processInputVar("password2", ARG_STRING);
+ $return["password"] = $_POST['password'];
+ $return["password2"] = $_POST['password2'];
$return["dnsservers"] = processInputVar("dnsservers", ARG_STRING);
if(! preg_match("/^([A-Za-z0-9-!@#$%^&\*\(\)_=\+\[\]{}\\\|:;,\.\/\?~` ]){2,30}$/", $return['name'])) {
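Review bot: Reading `$_POST['password']` and `$_POST['password2']` directly drops whatever presence and type handling processInputVar provided, so a request that omits a field or sends it as an array (`password[]=x`) puts null or an array into `$return`. The `strlen()` call added in the second hunk then receives a non-string. Keep the raw bytes but constrain the type, e.g. `$return["password"] = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';`, and do the same for `password2`. Because the value is now unsanitised, a comment such as `// raw on purpose: never echo into HTML or interpolate into SQL unescaped` would help the next maintainer. validateResourceData starts and ends outside this hunk, so where the value goes afterwards is not visible here.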
@@ -523,7 +523,8 @@ class ADdomain extends Resource {
$errormsg[] = i("Username cannot contain single (') or double (") quotes, less than (<), or greater than (>) and can be from 2 to 64 characters long");
}
- if(! preg_match('/^.{4,256}$/', $return['password']) &&
+ $passlen = strlen($return['password']);
+ if(($passlen < 4 || $passlen > 256) &&
($add || ! (empty($return['password']) && empty($return['password2'])))) {
$return['error'] = 1;
$errormsg[] = i("Password must be at least 4 characters long");
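Review bot: The new `$passlen > 256` test counts bytes, because `strlen()` is byte-wise, while the message at the end of this hunk speaks of characters and states only the minimum. A user whose password is too long, or who uses multi-byte characters near the limit, gets an error that does not explain the rejection. Consider a message that states both bounds, e.g. `i("Password must be from 4 to 256 characters long")`, and a comment on the `strlen` line such as `// length limit is in bytes, not characters`. The `if` body continues past the end of this hunk.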