[PATCH 7/7] WebUI: prohibit strange special characters in password
Adrian Schmutzler
freifunk at adrianschmutzler.de
Tue May 30 22:04:42 CEST 2017
Restricts password to A-Z, a-z, 0-9 and !#$%()*+,.:;=?@^_
Fixes #40
Signed-off-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>
---
src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html
index 0323836..176853a 100755
--- a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html
+++ b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/password.html
@@ -3,8 +3,12 @@
<%
# write
if [ "$REQUEST_METHOD" == "POST" ] ; then
+ #check for special characters in password
+ regex='^[a-zA-Z0-9!#\$%\(\)\*\+,\.:;=\?@\^_]+$'
if [ "$POST_pass1" == "" ] ; then
MSG='<span class="red">Das Passwort darf nicht leer sein!</span>'
+ elif ! echo -n "$POST_pass1" | egrep -q "$regex"; then
+ MSG='<span class="red">Passwort enthält ungültige Zeichen!</span>'
else
(echo "$POST_pass1"; sleep 1; echo "$POST_pass2") | passwd &>/dev/null
if [ $? -eq 0 ]; then
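Review bot: the character check on the added `elif` line is applied per line rather than to the whole value. `egrep` tests each input line against `^...+$`, so a `$POST_pass1` containing a newline is accepted as soon as one of its lines is clean, and the unchanged `(echo "$POST_pass1"; sleep 1; echo "$POST_pass2") | passwd` then feeds passwd more lines than intended. Consider rejecting on any disallowed character instead, for example with a negated class in a shell `case` pattern (`*[!a-zA-Z0-9...]*`), which looks at the whole string. Also, inside a POSIX bracket expression a backslash is literal, so the `\$`, `\(`, `\)` style escapes in `regex` add `\` to the permitted set, which the commit message does not list; the escapes can be dropped as long as `^` is not the first character of the class.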
--
2.7.4
More information about the franken-dev mailing list