Posted to commits@vcl.apache.org by jf...@apache.org on 2017/06/06 15:05:47 UTC

svn commit: r1797794 - /vcl/trunk/web/.ht-inc/addomain.php

Author: jfthomps
Date: Tue Jun  6 15:05:47 2017
New Revision: 1797794

URL: http://svn.apache.org/viewvc?rev=1797794&view=rev
Log:
VCL-1045 - Method of encrypting sensitive database entries

addomain.php: modified validateResourceData: changed to get $return['password'] and $return['password2'] directly from $_POST instead of calling processInputVar so that special characters are not removed

Modified:
    vcl/trunk/web/.ht-inc/addomain.php

Modified: vcl/trunk/web/.ht-inc/addomain.php
URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/addomain.php?rev=1797794&r1=1797793&r2=1797794&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/addomain.php (original)
+++ vcl/trunk/web/.ht-inc/addomain.php Tue Jun  6 15:05:47 2017
@@ -492,8 +492,8 @@ class ADdomain extends Resource {
 		$return["owner"] = processInputVar("owner", ARG_STRING, "{$user["unityid"]}@{$user['affiliation']}");
 		$return["domaindnsname"] = processInputVar("domaindnsname", ARG_STRING);
 		$return["username"] = processInputVar("username", ARG_STRING);
-		$return["password"] = processInputVar("password", ARG_STRING);
-		$return["password2"] = processInputVar("password2", ARG_STRING);
+		$return["password"] = $_POST['password'];
+		$return["password2"] = $_POST['password2'];
 		$return["dnsservers"] = processInputVar("dnsservers", ARG_STRING);
 
 		if(! preg_match("/^([A-Za-z0-9-!@#$%^&\*\(\)_=\+\[\]{}\\\|:;,\.\/\?~` ]){2,30}$/", $return['name'])) {
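Review bot: The two new assignments read `$_POST['password']` and `$_POST['password2']` without checking that the keys exist or that the values are strings. A request that omits a field raises an undefined-index notice, and one that sends `password[]=x` puts an array into `$return`, which then reaches the `strlen()` call added in the later hunk. Something like `$return["password"] = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';` (and the same for `password2`) keeps the special characters while restoring the type guarantee that `processInputVar` presumably gave. Because the value is now unfiltered, every later use of it (query building, HTML output, logging) must escape or avoid it on its own; that code and the rest of validateResourceData lie outside this hunk.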
@@ -523,7 +523,8 @@ class ADdomain extends Resource {
 			$errormsg[] = i("Username cannot contain single (') or double (") quotes, less than (<), or greater than (>) and can be from 2 to 64 characters long");
 		}
 
-		if(! preg_match('/^.{4,256}$/', $return['password']) &&
+		$passlen = strlen($return['password']);
+		if(($passlen < 4 || $passlen > 256) &&
 		   ($add || ! (empty($return['password']) && empty($return['password2'])))) {
 			$return['error'] = 1;
 			$errormsg[] = i("Password must be at least 4 characters long");
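Review bot: `strlen()` accepts any byte sequence, so the new length check admits passwords with embedded newlines, which the removed `/^.{4,256}$/` pattern rejected because `.` does not match a line break. If that widening is intended, a comment such as `// length is counted in bytes; any character, including newlines, is accepted` above `$passlen` would record it; if not, add `|| strpos($return['password'], "\n") !== false` to the first parenthesised condition. The error text also mentions only the 4-character minimum, so a password over 256 bytes is rejected with a misleading message. The enclosing validateResourceData body continues outside the hunk.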