[7/7] WebUI: prohibit strange special characters in password

Submitted by Adrian Schmutzler on May 30, 2017, 8:04 p.m.

Details

Message ID 1496174682-859-1-git-send-email-freifunk@adrianschmutzler.de
State Accepted

Commit Message

Adrian Schmutzler May 30, 2017, 8:04 p.m.
Restricts password to A-Z, a-z, 0-9 and !#$%()*+,.:;=?@^_

Fixes #40

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
---
 src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html | 4 ++++
 1 file changed, 4 insertions(+)

Patch

diff --git a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html
index 0323836..176853a 100755
--- a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html
+++ b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html
@@ -3,8 +3,12 @@ 
 <%
 # write
 if [ "$REQUEST_METHOD" == "POST" ] ; then
+	#check for special characters in password
+	regex='^[a-zA-Z0-9!#\$%\(\)\*\+,\.:;=\?@\^_]+$'
 	if [ "$POST_pass1" == "" ] ; then
 		MSG='<span class="red">Das Passwort darf nicht leer sein!</span>'
+    elif ! echo -n "$POST_pass1" | egrep -q "$regex"; then   
+		MSG='<span class="red">Passwort enth&auml;lt ung&uuml;ltige Zeichen!</span>'
 	else
 		(echo "$POST_pass1"; sleep 1; echo "$POST_pass2") | passwd &>/dev/null
 		if [ $? -eq 0 ]; then
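Review bot: The allowlist test on the added `elif` line is line-oriented: egrep checks each input line on its own and `-q` succeeds as soon as one line matches, so if `$POST_pass1` can contain a newline, a value passes whenever any single line of it consists of allowed characters. That value then goes into `(echo "$POST_pass1"; sleep 1; echo "$POST_pass2") | passwd`, where an embedded newline changes which line passwd reads as the confirmation. Suggest matching the whole variable instead of piping it through egrep, for example a shell `case "$POST_pass1" in` with a negated pattern of the form `*[!allowed-set]*)` that rejects on the first disallowed character, newline included. `$POST_pass2` is not validated at all; it only fails indirectly when passwd sees a mismatch, so checking `"$POST_pass1" = "$POST_pass2"` up front would give the user a clearer message.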

Comments

Tim Niemeyer July 2, 2017, 9:12 a.m.
Hi

Reviewed and applied.

Thanks, and sorry for the long wait.

Tim

On Tuesday, 30.05.2017, 22:04 +0200, Adrian Schmutzler wrote:
> Restricts password to A-Z, a-z, 0-9 and !#$%()*+,.:;=?@^_
> 
> Fixes #40
> 
> Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
> Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
> ---
>  src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html
> index 0323836..176853a 100755
> --- a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html
> +++ b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html
> @@ -3,8 +3,12 @@
>  <%
>  # write
>  if [ "$REQUEST_METHOD" == "POST" ] ; then
> +	#check for special characters in password
> +	regex='^[a-zA-Z0-9!#\$%\(\)\*\+,\.:;=\?@\^_]+$'
>  	if [ "$POST_pass1" == "" ] ; then
>  		MSG='<span class="red">Das Passwort darf nicht leer sein!</span>'
> +    elif ! echo -n "$POST_pass1" | egrep -q "$regex"; then   
> +		MSG='<span class="red">Passwort enth&auml;lt ung&uuml;ltige Zeichen!</span>'
>  	else
>  		(echo "$POST_pass1"; sleep 1; echo "$POST_pass2") | passwd &>/dev/null
>  		if [ $? -eq 0 ]; then
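Review bot: In the `regex=` line the backslashes inside the bracket expression are not escapes. In a POSIX bracket expression a backslash is a literal character, so `\$`, `\(`, `\.` and the others add `\` itself to the accepted set, which the commit message's list (A-Z, a-z, 0-9 and !#$%()*+,.:;=?@^_) does not include. None of these characters needs escaping inside `[...]` as long as `^` is not the first one, so the class can be written as `[a-zA-Z0-9!#$%()*+,.:;=?@^_]`. Style: the added `elif` line is indented with spaces and ends in trailing whitespace, while the surrounding lines use tabs.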
> -- 
> 2.7.4
>