diff options
Diffstat (limited to 'plugins/password')
-rw-r--r-- | plugins/password/localization/en_US.inc | 7 | ||||
-rw-r--r-- | plugins/password/localization/pl_PL.inc | 1 | ||||
-rw-r--r-- | plugins/password/password.php | 31 |
3 files changed, 31 insertions, 8 deletions
diff --git a/plugins/password/localization/en_US.inc b/plugins/password/localization/en_US.inc index 75fe8618f..1ae2158b0 100644 --- a/plugins/password/localization/en_US.inc +++ b/plugins/password/localization/en_US.inc @@ -11,10 +11,11 @@ $messages['nopassword'] = 'Please input new password.'; $messages['nocurpassword'] = 'Please input current password.'; $messages['passwordincorrect'] = 'Current password incorrect.'; $messages['passwordinconsistency'] = 'Passwords do not match, please try again.'; -$messages['crypterror'] = 'Could not save new password. Encrypt function missing.'; +$messages['crypterror'] = 'Could not save new password. Encryption function missing.'; $messages['connecterror'] = 'Could not save new password. Connection error.'; $messages['internalerror'] = 'Could not save new password.'; -$messages['passwordshort'] = 'Your password must be at least $length characters long.'; -$messages['passwordweak'] = 'Your new password must include at least one number and one punctuation character.'; +$messages['passwordshort'] = 'Password must be at least $length characters long.'; +$messages['passwordweak'] = 'Password must include at least one number and one punctuation character.'; +$messages['passwordforbidden'] = 'Password contains forbidden characters.'; ?> diff --git a/plugins/password/localization/pl_PL.inc b/plugins/password/localization/pl_PL.inc index 774437a28..687ca9383 100644 --- a/plugins/password/localization/pl_PL.inc +++ b/plugins/password/localization/pl_PL.inc @@ -16,5 +16,6 @@ $messages['connecterror'] = 'Nie udało się zapisać nowego hasła. Błąd poł $messages['internalerror'] = 'Nie udało się zapisać nowego hasła.'; $messages['passwordshort'] = 'Hasło musi posiadać co najmniej $length znaków.'; $messages['passwordweak'] = 'Hasło musi zawierać co najmniej jedną cyfrę i znak interpunkcyjny.'; +$messages['passwordforbidden'] = 'Hasło zawiera niedozwolone znaki.'; ?> diff --git a/plugins/password/password.php b/plugins/password/password.php index 4f34e40d2..3121eb6fe 100644 --- a/plugins/password/password.php +++ b/plugins/password/password.php @@ -86,11 +86,31 @@ class password extends rcube_plugin } else { - $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST); - $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST); - $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST); - - if ($conpwd != $newpwd) { + $charset = strtoupper($rcmail->config->get('password_charset', 'ISO-8859-1')); + $rc_charset = strtoupper($rcmail->output->get_charset()); + + $curpwd = get_input_value('_curpasswd', RCUBE_INPUT_POST, true, $charset); + $newpwd = get_input_value('_newpasswd', RCUBE_INPUT_POST, true); + $conpwd = get_input_value('_confpasswd', RCUBE_INPUT_POST, true); + + // check allowed characters according to the configured 'password_charset' option + // by converting the password entered by the user to this charset and back to UTF-8 + $orig_pwd = $newpwd; + $chk_pwd = rcube_charset_convert($orig_pwd, $rc_charset, $charset); + $chk_pwd = rcube_charset_convert($chk_pwd, $charset, $rc_charset); + + // WARNING: Default password_charset is ISO-8859-1, so conversion will + // change national characters. This may disable possibility of using + // the same password in other MUA's. + // We're doing this for consistence with Roundcube core + $newpwd = rcube_charset_convert($newpwd, $rc_charset, $charset); + $conpwd = rcube_charset_convert($conpwd, $rc_charset, $charset); + + if ($chk_pwd != $orig_pwd) { + $rcmail->output->command('display_message', $this->gettext('passwordforbidden'), 'error'); + } + // other passwords validity checks + else if ($conpwd != $newpwd) { $rcmail->output->command('display_message', $this->gettext('passwordinconsistency'), 'error'); } else if ($confirm && $rcmail->decrypt($_SESSION['password']) != $curpwd) { @@ -103,6 +123,7 @@ class password extends rcube_plugin else if ($check_strength && (!preg_match("/[0-9]/", $newpwd) || !preg_match("/[^A-Za-z0-9]/", $newpwd))) { $rcmail->output->command('display_message', $this->gettext('passwordweak'), 'error'); } + // try to save the password else if (!($res = $this->_save($curpwd,$newpwd))) { $rcmail->output->command('display_message', $this->gettext('successfullysaved'), 'confirmation'); $_SESSION['password'] = $rcmail->encrypt($newpwd); |