From patchwork Tue May 30 20:04:42 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [7/7] WebUI: prohibit strange special characters in password
From: Adrian Schmutzler <freifunk@adrianschmutzler.de>
X-Patchwork-Id: 345
Message-Id: <1496174682-859-1-git-send-email-freifunk@adrianschmutzler.de>
To: franken-dev@freifunk.net
Cc: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Date: Tue, 30 May 2017 22:04:42 +0200

Restricts password to A-Z, a-z, 0-9 and !#$%()*+,.:;=?@^_

Fixes #40

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
---
 src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html
index 0323836..176853a 100755
--- a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html
+++ b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html
@@ -3,8 +3,12 @@
 <%
 # write
 if [ "$REQUEST_METHOD" == "POST" ] ; then
+	#check for special characters in password
+	regex='^[a-zA-Z0-9!#\$%\(\)\*\+,\.:;=\?@\^_]+$'
 	if [ "$POST_pass1" == "" ] ; then
 		MSG='<span class="red">Das Passwort darf nicht leer sein!</span>'
+    elif ! echo -n "$POST_pass1" | egrep -q "$regex"; then   
+		MSG='<span class="red">Passwort enth&auml;lt ung&uuml;ltige Zeichen!</span>'
 	else
 		(echo "$POST_pass1"; sleep 1; echo "$POST_pass2") | passwd &>/dev/null
 		if [ $? -eq 0 ]; then