Ticket #325 (closed Bug report: fixed)

Opened 15 years ago

Last modified 14 years ago

Install.php doesn't validate initial wifidog password properly

Reported by: golden_rock@…
Owned by: Robin Jones
Priority: low
Milestone: WifiDog Auth Server 1.0
Component: Auth server, Authentication, permissions and access control
Version:
Keywords:
Cc:

Description

The problem is simple: when I installed wifidog with install.php, I set a password with lots of special characters including *, &, ! and more. The installation allowed me to go on, and wifidog worked well.

But when the time came to change the password, it wouldn't allow me because the client-side validation wouldn't pass. The JavaScript isValidPassword() function fails because it matches the password against the regular expression /[0-9a-zA-Z]{6,}$/, which doesn't cover the special characters I input initially. Actually it forces the user to use only alphanumeric passwords... (in formutils.js)

I got around this bug by modifying the formutils.js file, making the isValidPassword() function return true all the time, changing my password and then restoring the old formutils.js file. It worked.

Wifidog shouldn't have let me use special characters initially if change_password.php doesn't allow them. And should change_password validate the old password field? Perhaps.

My wifidog auth server version dates from 2006-12-12. If the bug hasn't been discovered yet, then here's an occasion to fix it.

Thanks guys!

wad

Change History

Changed 15 years ago by golden_rock@…

So in other words, install.php allows special characters, but change_password.php doesn't allow special characters AND change_password.php tries to validate the old password. So basically, I was stuck until I disabled the client-side validation.

Changed 15 years ago by benoitg

Thanks for your very clear bug report. This indeed needs fixing.

Changed 14 years ago by Robin Jones

A temporary fix to this has already been committed, although it needs to be changed so that the regular expression(s) are called from a central location, either js/formutils.js or signup.php.

Changed 14 years ago by networkfusion

  • owner set to Robin Jones
  • priority changed from normal to low

Changed 14 years ago by networkfusion

  • status changed from new to closed
  • resolution set to fixed

Fixed in [1343]
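
The centralisation asked for in the comment above, sketched as an added example (not WifiDog code and not the content of changeset [1343]): one shared new-password check for the install, signup and change-password forms, with the old password checked only for presence. The function names, the length limits and the sample passwords are assumptions; the quoted pattern is the one from the description.

```javascript
// Added illustration, not WifiDog code. Names and limits are assumptions.

// Pattern as quoted in the ticket. It is anchored only at the end, so it
// tests whether the password ENDS with six or more alphanumerics.
const TICKET_PATTERN = /[0-9a-zA-Z]{6,}$/;

// Hypothetical shared policy: a single definition used by every form.
// minLength mirrors the {6,} in the quoted pattern; maxLength is assumed.
const PASSWORD_POLICY = { minLength: 6, maxLength: 128 };

// Validate a password that is being SET (install, signup, new password).
// Any character is accepted; only the length is constrained.
// Returns null when valid, otherwise an error message.
function validateNewPassword(password) {
  if (typeof password !== "string") return "Password must be a string";
  const length = Array.from(password).length; // count code points
  if (length < PASSWORD_POLICY.minLength) {
    return `Password must be at least ${PASSWORD_POLICY.minLength} characters`;
  }
  if (length > PASSWORD_POLICY.maxLength) {
    return `Password must be at most ${PASSWORD_POLICY.maxLength} characters`;
  }
  return null;
}

// Validate the change-password form. The old password is checked for
// presence only: the server compares it with the stored credential, and
// applying composition rules to it locks out accounts whose password was
// accepted under different rules (the situation reported in this ticket).
function validateChangePassword(form) {
  const errors = {};
  if (!form.oldPassword) errors.oldPassword = "Current password is required";
  const newError = validateNewPassword(form.newPassword);
  if (newError) {
    errors.newPassword = newError;
  } else if (form.newPassword !== form.confirmPassword) {
    errors.confirmPassword = "Passwords do not match";
  }
  return errors;
}

// Constructed sample: a password with special characters, as in the report.
const SAMPLE_OLD = "p*ss&w!rd";
```

The same `validateNewPassword` rules have to be enforced by the server as well, since the description shows the browser-side check can be switched off by editing formutils.js.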
