diff options
| author | alecpl <alec@alec.pl> | 2010-02-25 10:56:01 +0000 |
|---|---|---|
| committer | alecpl <alec@alec.pl> | 2010-02-25 10:56:01 +0000 |
| commit | 64608bf2ef7fc5b6cedfb666c5f78a5771c58556 (patch) | |
| tree | 0392d04e75f95884324321406ad81ef1334baf42 | |
| parent | 951c07b1b16e1635f4563239cf55664a92b7c290 (diff) | |
- Password: Make passwords encoding consistent with core, add 'password_charset' global option (#1486473)
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | config/main.inc.php.dist | 5 | ||||
| -rw-r--r-- | index.php | 12 | ||||
| -rw-r--r-- | plugins/password/localization/en_US.inc | 7 | ||||
| -rw-r--r-- | plugins/password/localization/pl_PL.inc | 1 | ||||
| -rw-r--r-- | plugins/password/password.php | 31 |
6 files changed, 45 insertions, 12 deletions
@@ -1,6 +1,7 @@ CHANGELOG RoundCube Webmail =========================== +- Password: Make passwords encoding consistent with core, add 'password_charset' global option (#1486473) - Fix adding contacts SQL error on mysql (#1486459) - Squirrelmail_usercopy: support reply-to field (#1486506) - Fix IE spellcheck suggestion popup issue (#1486471) diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist index f88226514..c35d4e1fc 100644 --- a/config/main.inc.php.dist +++ b/config/main.inc.php.dist @@ -123,6 +123,11 @@ $rcmail_config['smtp_auth_type'] = ''; // localhost if that isn't defined. $rcmail_config['smtp_helo_host'] = ''; +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + // Log sent messages $rcmail_config['smtp_log'] = TRUE; @@ -82,15 +82,19 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { 'host' => $RCMAIL->autoselect_host(), 'user' => trim(get_input_value('_user', RCUBE_INPUT_POST)), 'cookiecheck' => true, - )) + array('pass' => get_input_value('_pass', RCUBE_INPUT_POST, true, 'ISO-8859-1')); + )); + + if (!isset($auth['pass'])) + $auth['pass'] = get_input_value('_pass', RCUBE_INPUT_POST, true, + $RCMAIL->config->get('password_charset', 'ISO-8859-1')); // check if client supports cookies if ($auth['cookiecheck'] && empty($_COOKIE)) { $OUTPUT->show_message("cookiesdisabled", 'warning'); } - else if ($_SESSION['temp'] && !$auth['abort'] && !empty($auth['host']) && - !empty($auth['user']) && isset($auth['pass']) && - $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) { + else if ($_SESSION['temp'] && !$auth['abort'] && + !empty($auth['host']) && !empty($auth['user']) && + $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) { // create new session ID rcube_sess_unset('temp'); rcube_sess_regenerate_id(); diff --git a/plugins/password/localization/en_US.inc b/plugins/password/localization/en_US.inc index 75fe8618f..1ae2158b0 100644 --- a/plugins/password/localization/en_US.inc +++ b/plugins/password/localization/en_US.inc @@ -11,10 +11,11 @@ $messages['nopassword'] = 'Please input new password.'; $messages['nocurpassword'] = 'Please input current password.'; $messages['passwordincorrect'] = 'Current password incorrect.'; $messages['passwordinconsistency'] = 'Passwords do not match, please try again.'; -$messages['crypterror'] = 'Could not save new password. Encrypt function missing.'; +$messages['crypterror'] = 'Could not save new password. Encryption function missing.'; $messages['connecterror'] = 'Could not save new password. Connection error.'; $messages['internalerror'] = 'Could not save new password.'; -$messages['passwordshort'] = 'Your password must be at least $length characters long.'; -$messages['passwordweak'] = 'Your new password must include at least one number and one punctuation character.'; +$messages['passwordshort'] = 'Password must be at least $length characters long.'; +$messages['passwordweak'] = 'Password must include at least one number and one punctuation character.'; +$messages['passwordforbidden'] = 'Password contains forbidden characters.'; ?> diff --git a/plugins/password/localization/pl_PL.inc b/plugins/password/localization/pl_PL.inc index 774437a28..687ca9383 100644 --- a/plugins/password/localization/pl_PL.inc +++ b/plugins/password/localization/pl_PL.inc @@ -16,5 +16,6 @@ $messages['connecterror'] = 'Nie udało się zapisać nowego hasła. Błąd poł $messages['internalerror'] = 'Nie udało się zapisać nowego hasła.'; $messages['passwordshort'] = 'Hasło musi posiadać co najmniej $length znaków.'; $messages['passwordweak'] = 'Hasło musi zawierać co najmniej jedną cyfrę i znak interpunkcyjny.'; +$messages['passwordforbidden'] = 'Hasło zawiera niedozwolone znaki.'; ?> diff --git a/plugins/password/password.php b/plugins/password/password.php index 4f34e40d2..3121eb6fe 100644 --- a/plugins/password/password.php +++ b/plugins/password/password.php @@ -86,11 +86,31 @@ class password extends rcube_plugin } else { - $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST); - $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST); - $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST); - - if ($conpwd != $newpwd) { + $charset = strtoupper($rcmail->config->get('password_charset', 'ISO-8859-1')); + $rc_charset = strtoupper($rcmail->output->get_charset()); + + $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset); + $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST, true); + $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST, true); + + // check allowed characters according to the configured 'password_charset' option + // by converting the password entered by the user to this charset and back to UTF-8 + $orig_pwd = $newpwd; + $chk_pwd = rcube_charset_convert($orig_pwd, $rc_charset, $charset); + $chk_pwd = rcube_charset_convert($chk_pwd, $charset, $rc_charset); + + // WARNING: Default password_charset is ISO-8859-1, so conversion will + // change national characters. This may disable possibility of using + // the same password in other MUA's. + // We're doing this for consistence with Roundcube core + $newpwd = rcube_charset_convert($newpwd, $rc_charset, $charset); + $conpwd = rcube_charset_convert($conpwd, $rc_charset, $charset); + + if ($chk_pwd != $orig_pwd) { + $rcmail->output->command('display_message', $this->gettext('passwordforbidden'), 'error'); + } + // other passwords validity checks + else if ($conpwd != $newpwd) { $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error'); } else if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) { @@ -103,6 +123,7 @@ class password extends rcube_plugin else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) { $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error'); } + // try to save the password else if (!($res = $this->_save($curpwd,$newpwd))) { $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); $_SESSION['password'] = $rcmail->encrypt($newpwd); |