Author: jfthomps
Date: Tue Jun 6 15:05:47 2017
New Revision: 1797794
URL: http://svn.apache.org/viewvc?rev=1797794&view=rev
Log:
VCL-1045 - Method of encrypting sensitive database entries
addomain.php: modified validateResourceData: changed to get $return['password']
and $return['password2'] directly from $_POST instead of calling
processInputVar so that special characters are not removed
Modified:
vcl/trunk/web/.ht-inc/addomain.php
Modified: vcl/trunk/web/.ht-inc/addomain.php
URL:
http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/addomain.php?rev=1797794&r1=1797793&r2=1797794&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/addomain.php (original)
+++ vcl/trunk/web/.ht-inc/addomain.php Tue Jun 6 15:05:47 2017
@@ -492,8 +492,8 @@ class ADdomain extends Resource {
$return["owner"] = processInputVar("owner", ARG_STRING,
"{$user["unityid"]}@{$user['affiliation']}");
$return["domaindnsname"] = processInputVar("domaindnsname",
ARG_STRING);
$return["username"] = processInputVar("username", ARG_STRING);
- $return["password"] = processInputVar("password", ARG_STRING);
- $return["password2"] = processInputVar("password2", ARG_STRING);
+ $return["password"] = $_POST['password'];
+ $return["password2"] = $_POST['password2'];
$return["dnsservers"] = processInputVar("dnsservers",
ARG_STRING);
if(!
preg_match("/^([A-Za-z0-9-!@#$%^&\*\(\)_=\+\[\]{}\\\|:;,\.\/\?~` ]){2,30}$/",
$return['name'])) {
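Review bot: The two added assignments read `$_POST['password']` and `$_POST['password2']` with no presence or type check. A request that omits a field raises an undefined-index notice, and one that sends `password[]=x` puts an array into `$return['password']`, which then reaches the `strlen()` call added in the second hunk of this commit. Consider `$return["password"] = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';` and the same form for `password2`. Since the value no longer passes through processInputVar, any later code that writes it into HTML or SQL must escape it there; that code is outside this hunk, so this is something to confirm rather than a defect visible here. validateResourceData begins and ends outside the hunk.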
@@ -523,7 +523,8 @@ class ADdomain extends Resource {
$errormsg[] = i("Username cannot contain single (') or
double (") quotes, less than (<), or greater than (>) and can be
from 2 to 64 characters long");
}
- if(! preg_match('/^.{4,256}$/', $return['password']) &&
+ $passlen = strlen($return['password']);
+ if(($passlen < 4 || $passlen > 256) &&
($add || ! (empty($return['password']) &&
empty($return['password2'])))) {
$return['error'] = 1;
$errormsg[] = i("Password must be at least 4 characters
long");
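Review bot: The new `$passlen` range check accepts input that the replaced pattern `/^.{4,256}$/` refused. Because `.` does not match a newline, a password with an embedded line break failed validation before and passes now. If any byte value is meant to be allowed, say so next to the check, e.g. `// length is checked in bytes; newlines and control characters are permitted`. If not, reject them explicitly with a separate test such as `preg_match('/[\x00-\x1F\x7F]/', $return['password'])` and its own error message, since the existing message only mentions the 4-character minimum. How the stored password is consumed later is not visible in this hunk, so which option is right needs confirming against that code.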