Fixes #1301. Not filtering passwords.
authorBrett Profitt <brett.profitt@gmail.com>
Thu, 19 Apr 2012 03:22:54 +0000 (20:22 -0700)
committerBrett Profitt <brett.profitt@gmail.com>
Thu, 19 Apr 2012 03:22:54 +0000 (20:22 -0700)
actions/login.php
actions/register.php
actions/useradd.php
engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php [new file with mode: 0644]
engine/lib/user_settings.php
mod/twitter_api/actions/twitter_api/interstitial_settings.php
version.php

index 256e78acb93e7e6318a442bdf626a65368033882..ea7fb350877545c83671be5925246040637c9dba 100644 (file)
@@ -18,9 +18,9 @@ if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) {
 }
 
 $username = get_input('username');
-$password = get_input("password");
-$persistent = get_input("persistent", FALSE);
-$result = FALSE;
+$password = get_input('password', null, false);
+$persistent = get_input("persistent", false);
+$result = false;
 
 if (empty($username) || empty($password)) {
        register_error(elgg_echo('login:empty'));
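Review bot: The reason for the third argument in `get_input('password', null, false)` is not stated anywhere in the hunk, so a later cleanup could drop it and silently restore filtering. A one-line comment above the assignment would pin the intent, for example `// passwords are read unfiltered so the exact submitted value is what gets hashed and compared`. Because `$password` now holds the raw request value, it should never be echoed, logged or placed in a forward URL further down; the rest of the script is outside the hunk, so that is worth confirming. As a style point, `get_input("persistent", false)` keeps double quotes while the line above switched to single quotes.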
@@ -28,7 +28,7 @@ if (empty($username) || empty($password)) {
 }
 
 // check if logging in with email address
-if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
        $username = $users[0]->username;
 }
 
index 360b7cb4b30aa6ed2f4c512d4d59aebb85b253ba..f23d5b3815f73b225e90bfed5f2f77c60ee90bb5 100644 (file)
@@ -10,8 +10,8 @@ elgg_make_sticky_form('register');
 
 // Get variables
 $username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
 $email = get_input('email');
 $name = get_input('name');
 $friend_guid = (int) get_input('friend_guid', 0);
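Review bot: `elgg_make_sticky_form('register')` in the hunk header runs before these reads, and if it snapshots every submitted field then `password` and `password2` stay in the session whenever registration fails. That is inferred from the call's name and position rather than visible here, so it should be checked; if it holds, the password fields should be dropped from the sticky data right after the call or excluded when it is captured. At minimum, a comment such as `// raw values: never redisplay or persist password/password2` above the two assignments would document the constraint. The same pattern appears in the actions/useradd.php hunk (`elgg_make_sticky_form('useradd')`) and the twitter_api interstitial hunk (`elgg_make_sticky_form('twitter_api_interstitial')`).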
index fdcd7e4380a2451389e01edf23e911e4aa8724ac..17459021bc353eac3fd222dda81b8e0505629eea 100644 (file)
@@ -10,8 +10,8 @@ elgg_make_sticky_form('useradd');
 
 // Get variables
 $username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
 $email = get_input('email');
 $name = get_input('name');
 
diff --git a/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php b/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php
new file mode 100644 (file)
index 0000000..b82ffbe
--- /dev/null
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Elgg 1.8.3 upgrade 2012041800
+ * dont_filter_passwords
+ *
+ * Add admin notice that password handling has changed and if 
+ * users can't login to have them reset their passwords.
+ */
+elgg_add_admin_notice('dont_filter_passwords', 'Password handling has been updated to be more secure and flexible. '
+       . 'This change may prevent a small number of users from logging in with their existing passwords. '
+       . 'If a user is unable to log in, please advise him or her to reset their password, or reset it as an admin user.');
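Review bot: The notice text does not say which accounts are affected, so an admin reading it cannot tell a genuine lockout from a mistyped password. Judging by the other hunks, the accounts at risk are those whose password was altered by input filtering when it was set, presumably because the stored hash was derived from the filtered value while login now submits the raw one. Adding a sentence like `'Only passwords containing characters that input filtering used to change are affected. '` would make the notice actionable. The docblock phrase "if users can't login to have them reset their passwords" would also read better as "and that users who cannot log in should reset their passwords".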
index af30d8f0dff18b06ae9b483b962ef9e9f259add7..e4069fb535b2442625ae4b8f3df9fd80516a97f9 100644 (file)
@@ -33,9 +33,9 @@ function users_settings_save() {
  * @access private
  */
 function elgg_set_user_password() {
-       $current_password = get_input('current_password');
-       $password = get_input('password');
-       $password2 = get_input('password2');
+       $current_password = get_input('current_password', null, false);
+       $password = get_input('password', null, false);
+       $password2 = get_input('password2', null, false);
        $user_guid = get_input('guid');
 
        if (!$user_guid) {
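Review bot: `$user_guid = get_input('guid')` directly below the three password reads is still used uncast, while actions/register.php in this same commit reads its GUID as `(int) get_input('friend_guid', 0)`. Writing `$user_guid = (int) get_input('guid');` would make the two consistent and guarantee that the `if (!$user_guid)` test sees an integer. The body of `elgg_set_user_password()` continues past the end of the hunk, so how the value is used afterwards is not visible here.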
index 5f742efd89c2fb174138e6b03f78d597855ecc9f..880623973d5afade9624456b4946deedb28f4764 100644 (file)
@@ -6,8 +6,8 @@ elgg_make_sticky_form('twitter_api_interstitial');
 
 $display_name = get_input('display_name');
 $email = get_input('email');
-$password_1 = get_input('password_1');
-$password_2 = get_input('password_2');
+$password_1 = get_input('password_1', null, false);
+$password_2 = get_input('password_2', null, false);
 
 if (!$display_name) {
        register_error(elgg_echo('twitter_api:interstitial:no_display_name'));
index dc6897c1843a454c52d91f0d2c14e6116ffbacca..cc4415228656c3f2c24540d18b0d871c2982c1f3 100644 (file)
@@ -11,7 +11,7 @@
 
 // YYYYMMDD = Elgg Date
 // XX = Interim incrementer
-$version = 2012012100;
+$version = 2012041800;
 
 // Human-friendly version name
 $release = '1.8.3';