summaryrefslogtreecommitdiff
path: root/www/commission/index.php
diff options
context:
space:
mode:
authorJohn Klug <john.klug@multitech.com>2019-12-10 19:23:59 -0600
committerJohn Klug <john.klug@multitech.com>2019-12-10 19:23:59 -0600
commit1a8133dc057302d1a026e177ec21f80df8d91f8e (patch)
tree84361941effe156e361ee529b9e253230169ccdb /www/commission/index.php
parentc6c7b0f384aba0427470c9d184f81d5c9a7af1a1 (diff)
downloadcommissioning-1a8133dc057302d1a026e177ec21f80df8d91f8e.tar.gz
commissioning-1a8133dc057302d1a026e177ec21f80df8d91f8e.tar.bz2
commissioning-1a8133dc057302d1a026e177ec21f80df8d91f8e.zip
Disallow " in password.1.0.0
Diffstat (limited to 'www/commission/index.php')
-rw-r--r--www/commission/index.php7
1 files changed, 5 insertions, 2 deletions
diff --git a/www/commission/index.php b/www/commission/index.php
index 4c0ac81..10e044e 100644
--- a/www/commission/index.php
+++ b/www/commission/index.php
@@ -75,7 +75,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){
} elseif ($userlen > 80) {
$username_err = "mLinux username must not exceed 32 characters";
} elseif (strstr($username,"\"")) {
- $username_err = "invalid character(s) in username";
+ $username_err = "No &#34; allowed in username";
} else {
syslog(LOG_ALERT, "Enter username check: $username");
$id = chk_username($username);
@@ -100,7 +100,10 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){
} elseif ($passlen > 4096) {
$password_err = "Too long. Limit password length to 4096 characters";
$password = "";
-
+ } elseif (strstr($password,"\"")) {
+ $password_err = "No &#34; allowed in password";
+ $mismatch = 0;
+ $password = "";
} else {
if ($save_passwordlen === 0) {
$mismatch = 0;