diff options
| author | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2010-02-25 10:56:01 +0000 |
|---|---|---|
| committer | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2010-02-25 10:56:01 +0000 |
| commit | d45d58239cceb25f0176162744772e6a47216785 (patch) | |
| tree | 405b0a61211d08b28e192ef48c2e322906b5d0d9 /roundcubemail/plugins/password/password.php | |
| parent | 4be21a6d74cf5f3ff0879a5c518b34b921e8f9a1 (diff) | |
- Password: Make passwords encoding consistent with core, add 'password_charset' global option (#1486473)
git-svn-id: https://svn.roundcube.net/trunk@3289 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/plugins/password/password.php')
| -rw-r--r-- | roundcubemail/plugins/password/password.php | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/roundcubemail/plugins/password/password.php b/roundcubemail/plugins/password/password.php index 4f34e40d2..3121eb6fe 100644 --- a/roundcubemail/plugins/password/password.php +++ b/roundcubemail/plugins/password/password.php @@ -86,11 +86,31 @@ class password extends rcube_plugin } else { - $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST); - $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST); - $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST); + $charset = strtoupper($rcmail->config->get('password_charset', 'ISO-8859-1')); + $rc_charset = strtoupper($rcmail->output->get_charset()); - if ($conpwd != $newpwd) { + $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset); + $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST, true); + $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST, true); + + // check allowed characters according to the configured 'password_charset' option + // by converting the password entered by the user to this charset and back to UTF-8 + $orig_pwd = $newpwd; + $chk_pwd = rcube_charset_convert($orig_pwd, $rc_charset, $charset); + $chk_pwd = rcube_charset_convert($chk_pwd, $charset, $rc_charset); + + // WARNING: Default password_charset is ISO-8859-1, so conversion will + // change national characters. This may disable possibility of using + // the same password in other MUA's. + // We're doing this for consistence with Roundcube core + $newpwd = rcube_charset_convert($newpwd, $rc_charset, $charset); + $conpwd = rcube_charset_convert($conpwd, $rc_charset, $charset); + + if ($chk_pwd != $orig_pwd) { + $rcmail->output->command('display_message', $this->gettext('passwordforbidden'), 'error'); + } + // other passwords validity checks + else if ($conpwd != $newpwd) { $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error'); } else if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) { @@ -103,6 +123,7 @@ class password extends rcube_plugin else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) { $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error'); } + // try to save the password else if (!($res = $this->_save($curpwd,$newpwd))) { $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); $_SESSION['password'] = $rcmail->encrypt($newpwd); |