Menu
▾
▴
#2449 gallery 1.5.1 passwordStrength calculation
gallery 1.5.1 has one errornous check in the passwordStrength calculation which leads to the fact that not-so-bad passwords cannot be used
[js/passwordStrengthMeter.js]
//password is just a nubers or chars
if (password.match(/^\w+$/) || password.match(/^\d+$/) ) score -= 10
[lib/valchecks.php]
//password is just a nubers or chars
if (preg_match('/^\w+$/', $password) || preg_match('/^\d+$/', $password)) {
$score -= 10;
}
the misconception here is that the preg of cause matches e.g.
h3llo
foob8r
etce1era
on the "just chars" check - that check (it's the first one in the code blocks above) is incorrect
