Context Navigation

← Previous Changeset
Next Changeset →

Changeset 64608bf in github

Timestamp:

Feb 25, 2010 5:56:01 AM (3 years ago)

Author:

alecpl <alec@…>

Branches:

master, HEAD, courier-fix, dev-browser-capabilities, pdo, release-0.6, release-0.7, release-0.8

Children:

Parents:

Message:

Password: Make passwords encoding consistent with core, add 'password_charset' global option (#1486473)

Files:

: 6 edited

CHANGELOG (modified) (1 diff)
config/main.inc.php.dist (modified) (1 diff)
index.php (modified) (2 diffs)
plugins/password/localization/en_US.inc (modified) (1 diff)
plugins/password/localization/pl_PL.inc (modified) (1 diff)
plugins/password/password.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

CHANGELOG

r951c07b1	r64608bf
2	2	===========================
3	3
	4	- Password: Make passwords encoding consistent with core, add 'password_charset' global option (#1486473)
4	5	- Fix adding contacts SQL error on mysql (#1486459)
5	6	- Squirrelmail_usercopy: support reply-to field (#1486506)

config/main.inc.php.dist

-                      rc3b6763
+                      r64608bf
 // localhost if that isn't defined.
 $rcmail_config['smtp_helo_host'] = '';
+// Password charset.
+// Use it if your authentication backend doesn't support UTF-8.
+// Defaults to ISO-8859-1 for backward compatibility
+$rcmail_config['password_charset'] = 'ISO-8859-1';
 // Log sent messages

index.php

-                      r7481dd9
+                      r64608bf
     'user' => trim(get_input_value('_user', RCUBE_INPUT_POST)),
     'cookiecheck' => true,
+  )) + array('pass' => get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1'));
+  ));
+  if (!isset($auth['pass']))
+    $auth['pass'] = get_input_value('_pass', RCUBE_INPUT_POST, true,
+        $RCMAIL->config->get('password_charset', 'ISO-8859-1'));
   // check if client supports cookies
 …
     $OUTPUT->show_message("cookiesdisabled", 'warning');
+  }
   else if ($_SESSION['temp'] && !$auth['abort'] && !empty($auth['host']) &&
             !empty($auth['user']) && isset($auth['pass']) &&
             $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) {
+  else if ($_SESSION['temp'] && !$auth['abort'] &&
+        !empty($auth['host']) && !empty($auth['user']) &&
+        $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) {
     // create new session ID
     rcube_sess_unset('temp');

plugins/password/localization/en_US.inc

-                      re7b283b
+                      r64608bf
 $messages['passwordincorrect'] = 'Current password incorrect.';
 $messages['passwordinconsistency'] = 'Passwords do not match, please try again.';
 $messages['crypterror'] = 'Could not save new password. Encrypt function missing.';
+$messages['crypterror'] = 'Could not save new password. Encryption function missing.';
 $messages['connecterror'] = 'Could not save new password. Connection error.';
 $messages['internalerror'] = 'Could not save new password.';
+$messages['passwordshort'] = 'Your password must be at least $length characters long.';
+$messages['passwordweak'] = 'Your new password must include at least one number and one punctuation character.';
+$messages['passwordshort'] = 'Password must be at least $length characters long.';
+$messages['passwordweak'] = 'Password must include at least one number and one punctuation character.';
+$messages['passwordforbidden'] = 'Password contains forbidden characters.';
 ?>

plugins/password/localization/pl_PL.inc

re7b283b	r64608bf
22	22	$messages['passwordweak'] = 'HasÅo musi zawieraÄ co najmniej jednÄ
23	23	cyfrÄ i znak interpunkcyjny.';
	24	$messages['passwordforbidden'] = 'HasÅo zawiera niedozwolone znaki.';
24	25
25	26	?>

plugins/password/password.php

-                      ra65bf3a
+                      r64608bf
     else {
+      $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST);
+      $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST);
+      $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST);
+      if ($conpwd != $newpwd) {
+      $charset = strtoupper($rcmail->config->get('password_charset', 'ISO-8859-1'));
+      $rc_charset = strtoupper($rcmail->output->get_charset());
+      $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset);
+      $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST, true);
+      $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST, true);
+      // check allowed characters according to the configured 'password_charset' option
+      // by converting the password entered by the user to this charset and back to UTF-8
+      $orig_pwd = $newpwd;
+      $chk_pwd = rcube_charset_convert($orig_pwd, $rc_charset, $charset);
+      $chk_pwd = rcube_charset_convert($chk_pwd, $charset, $rc_charset);
+      // WARNING: Default password_charset is ISO-8859-1, so conversion will
+      // change national characters. This may disable possibility of using
+      // the same password in other MUA's.
+      // We're doing this for consistence with Roundcube core
+      $newpwd = rcube_charset_convert($newpwd, $rc_charset, $charset);
+      $conpwd = rcube_charset_convert($conpwd, $rc_charset, $charset);
+      if ($chk_pwd != $orig_pwd) {
+        $rcmail->output->command('display_message', $this->gettext('passwordforbidden'), 'error');
+      }
+      // other passwords validity checks
+      else if ($conpwd != $newpwd) {
         $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error');
+      }
 …
         $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error');
+      }
+      // try to save the password
       else if (!($res = $this->_save($curpwd,$newpwd))) {
         $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation');

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: