|
From: SourceForge.net <no...@so...> - 2010-05-18 20:59:14
|
Bugs item #2987852, was opened at 2010-04-15 20:46 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2987852&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: SVN (please specify revision!) >Status: Closed >Resolution: Fixed Priority: 5 Private: No Submitted By: Jonathan Rogers (jonner) Assigned to: Nobody/Anonymous (nobody) Summary: min_password_length ignored if current password check fails Initial Comment: In the user's change password form, if the current password field doesn't match the current password and the new password fields are shorter than min_password_length, the "Password is too short - requires 5 characters" message is displayed, but the password is changed anyway, so both checks are circumvented. I discovered that this is due to a bug in the way errors are counted. A patch to fix it is attached. ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2010-05-18 22:59 Message: Oops, this shouldn't happen :-( Thanks for reporting and the patch! Fortunately only authentificated users can access the "change password" page, therefore the severity of this bug is limited. Fixed in SVN r829 (trunk), will be backported to the 2.3 branch also. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2987852&group_id=191583 |
