mahara-contributors team mailing list archive
-
mahara-contributors team
-
Mailing list archive
-
Message #66043
[Bug 1970403] [NEW] Password don't accept certain special character
Public bug reported:
Hello.
I had to use Mahara for some class work (on an instance hosted by the
teacher). As I forgot my password (the usual one I used didn't), I reset
it. I got the mail, clicked the link, but when trying to enter a new
password, it didn't work.
The password I planned to use had the "€" symbol in it (as well as
number, capital and lowercase letter), to fulfill the requierement, but
I (still) had the error that it wasn't accepted. As that feel really
strange, and something seems broken, I took a look at the code source :
The set of symbol that are accepted are actually not every special
character (and no message is displayed about it).
It seems it try to check the validity of the password, with the function
"is_password_valid" in the file "htdocs/auth/internal/lib.php", but it
first try to limit the special character to a small set of ASCII
character with "if (!preg_match('/^[a-zA-Z0-9
~!@#\$%\^&\*\(\)_\-=\+\,\.<>\/\?;:"\[\]\{\}\\\|`\']{' . $minlength .
',}$/', $password)) {", which doesn't include the € symbol (nor é, ç,
nor emoji or a lot of stuff like that.
In addition, the error message I got (in french) didn't specified this
(but it looks like the english version has the same kind of issues).
Additionally, I don't know which version is used, nor the server OS or
the dabase (client is Android with Firefox 98.2.0).
On my side, I'll use one of those permitted special character. I just
hope you fix this (either by permitting all special character, or making
a better error message in those case. Or something else) for other.
I hope you will have a nice day -- Marius
** Affects: mahara
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/1970403
Title:
Password don't accept certain special character
Status in Mahara:
New
Bug description:
Hello.
I had to use Mahara for some class work (on an instance hosted by the
teacher). As I forgot my password (the usual one I used didn't), I
reset it. I got the mail, clicked the link, but when trying to enter a
new password, it didn't work.
The password I planned to use had the "€" symbol in it (as well as
number, capital and lowercase letter), to fulfill the requierement,
but I (still) had the error that it wasn't accepted. As that feel
really strange, and something seems broken, I took a look at the code
source : The set of symbol that are accepted are actually not every
special character (and no message is displayed about it).
It seems it try to check the validity of the password, with the
function "is_password_valid" in the file
"htdocs/auth/internal/lib.php", but it first try to limit the special
character to a small set of ASCII character with "if
(!preg_match('/^[a-zA-Z0-9
~!@#\$%\^&\*\(\)_\-=\+\,\.<>\/\?;:"\[\]\{\}\\\|`\']{' . $minlength .
',}$/', $password)) {", which doesn't include the € symbol (nor é, ç,
nor emoji or a lot of stuff like that.
In addition, the error message I got (in french) didn't specified this
(but it looks like the english version has the same kind of issues).
Additionally, I don't know which version is used, nor the server OS or
the dabase (client is Android with Firefox 98.2.0).
On my side, I'll use one of those permitted special character. I just
hope you fix this (either by permitting all special character, or
making a better error message in those case. Or something else) for
other.
I hope you will have a nice day -- Marius
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1970403/+subscriptions
