Message ID | 1496174682-859-1-git-send-email-freifunk@adrianschmutzler.de |
---|---|
State | Accepted |
Headers | show |
diff --git a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html index 0323836..176853a 100755 --- a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html +++ b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html @@ -3,8 +3,12 @@ <% # write if [ "$REQUEST_METHOD" == "POST" ] ; then + #check for special characters in password + regex='^[a-zA-Z0-9!#\$%\(\)\*\+,\.:;=\?@\^_]+$' if [ "$POST_pass1" == "" ] ; then MSG='<span class="red">Das Passwort darf nicht leer sein!</span>' + elif ! echo -n "$POST_pass1" | egrep -q "$regex"; then + MSG='<span class="red">Passwort enthält ungültige Zeichen!</span>' else (echo "$POST_pass1"; sleep 1; echo "$POST_pass2") | passwd &>/dev/null if [ $? -eq 0 ]; then
Hi Reviewed und applied. Danke und sry fürs so lange warten. Tim Am Dienstag, den 30.05.2017, 22:04 +0200 schrieb Adrian Schmutzler: > Restricts password to A-Z, a-z, 0-9 and !#$%()*+,.:;=?@^_ > > Fixes #40 > > Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> > Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> > --- > src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html > index 0323836..176853a 100755 > --- a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html > +++ b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html > @@ -3,8 +3,12 @@ > <% > # write > if [ "$REQUEST_METHOD" == "POST" ] ; then > + #check for special characters in password > + regex='^[a-zA-Z0-9!#\$%\(\)\*\+,\.:;=\?@\^_]+$' > if [ "$POST_pass1" == "" ] ; then > MSG='<span class="red">Das Passwort darf nicht leer sein!</span>' > + elif ! echo -n "$POST_pass1" | egrep -q "$regex"; then > + MSG='<span class="red">Passwort enthält ungültige Zeichen!</span>' > else > (echo "$POST_pass1"; sleep 1; echo "$POST_pass2") | passwd &>/dev/null > if [ $? -eq 0 ]; then > -- > 2.7.4 >