diff options
author | John Klug <john.klug@multitech.com> | 2019-12-10 19:23:59 -0600 |
---|---|---|
committer | John Klug <john.klug@multitech.com> | 2019-12-10 19:23:59 -0600 |
commit | 1a8133dc057302d1a026e177ec21f80df8d91f8e (patch) | |
tree | 84361941effe156e361ee529b9e253230169ccdb /www/commission/index.php | |
parent | c6c7b0f384aba0427470c9d184f81d5c9a7af1a1 (diff) | |
download | commissioning-1a8133dc057302d1a026e177ec21f80df8d91f8e.tar.gz commissioning-1a8133dc057302d1a026e177ec21f80df8d91f8e.tar.bz2 commissioning-1a8133dc057302d1a026e177ec21f80df8d91f8e.zip |
Disallow " in password.1.0.0
Diffstat (limited to 'www/commission/index.php')
-rw-r--r-- | www/commission/index.php | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/www/commission/index.php b/www/commission/index.php index 4c0ac81..10e044e 100644 --- a/www/commission/index.php +++ b/www/commission/index.php @@ -75,7 +75,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){ } elseif ($userlen > 80) { $username_err = "mLinux username must not exceed 32 characters"; } elseif (strstr($username,"\"")) { - $username_err = "invalid character(s) in username"; + $username_err = "No " allowed in username"; } else { syslog(LOG_ALERT, "Enter username check: $username"); $id = chk_username($username); @@ -100,7 +100,10 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){ } elseif ($passlen > 4096) { $password_err = "Too long. Limit password length to 4096 characters"; $password = ""; - + } elseif (strstr($password,"\"")) { + $password_err = "No " allowed in password"; + $mismatch = 0; + $password = ""; } else { if ($save_passwordlen === 0) { $mismatch = 0; |